Top Instructors Share Their Expertise ONLINE at SANS - Special Offers Available NOW!


To attend this webcast, login to your SANS Account or create your Account.

Tech Tuesday - Cloud Security Monitoring and Threat Hunting

  • Tuesday, October 20, 2020 at 8:00 PM EST (2020-10-21 00:00:00 UTC)
  • Shaun McCullough

You can now attend the webcast using your mobile device!



This workshop is a deep dive into the native services in AWS for gathering, analyzing, and detecting threats. You will be learning about some common attack techniques against Cloud infrastructure, and then investigate how to detect those techniques in AWS using CloudTrail, VPC Flow Logs, Athena and CloudWatch logs. The goal of this workshop is to gain hands-on experience so that you will leave with confidence that you'll be able to start detecting potential threats in your own environment.

*Please download workshop instructions and the VM prior to the session here:

System Requirements:

  • Laptop running Windows, Linux, or Mac OS X 64-bit version
  • At least 8 GB RAM
  • 40 GB of available disk space
  • Administrator access to the operating system
  • Anti-virus software will need to be disabled to install some of the tools
  • An available USB port
  • Wireless NIC for network connectivity
  • Machines should NOT contain any personal or company data
  • Verify that under BIOS, Virtual Support is ENABLED
  • AWS account with full administrative access

Prerequisites: Attendees should be familiar with information security concepts, have familiarity with AWS, and have a working knowledge of using AWS Command Line Interface AWS, as well as configuring AWS resources such as EC2, S3 and VPC's.

*Please note that this WILL NOT be recorded. Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.

Speaker Bio

Shaun McCullough

Mr. McCullough is a software engineer for 25 years who began working in information security 10 years ago. He has an undergraduate degree in Computer Engineer from Virginia Tech and a Masters in Information Security Engineering from the SANS Technology Institute.

In the Department of Defense, Mr. McCullough was the Technical Director of Red and Blue operations teams, a researcher of advanced host analytics, and currently runs a threat intelligence focused open source platform.

Mr. McCullough is also a consultant with H&A Security Solutions, focusing on analytic development, Devops support, and security automation tooling.

Mr. McCullough gives back to his profession by mentoring and supporting the next generation of cyber professionals at his work. He has spoken at numerous private conferences, SANS events and at BSides DC.

SANS changed the direction of my career. From the first day I stepped into Ed Skoudis' SEC560 class, I knew I wanted to be a practitioner in information security. Since that time, I have immersed myself in learning and understanding the industry, its gaps, and how I could be a part. I am thrilled to have an opportunity to give back to the future SANS students in any way that I can.

Online at @thecybergoof

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.