Hands-On Workshop: Building Detection in AWS
This is a 2 hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk “Building Better Cloud Detections... By Hacking? (AWS Edition)“, we will work through the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our AWS environments. The overall process and takeaways will be:
- Establish proper logging to detect the adversarial activity
- Perform the attack to generate the appropriate artifacts
- Review the log event data
- Create an automated process to quickly discover this activity
- Test that the automated process is working effectively by “re-attacking” the AWS account
Prerequisites: An AWS account with administrator access
System Requirements: A modern web browser
