catalog.workshops.aws
2600:9000:23cb:d400:12:97a9:3c00:93a1  Public Scan

Submitted URL: https://lnkd.in/dX3r_FF7
Effective URL: https://catalog.workshops.aws/aws-cirt-ransomware-simulation-and-detection/en-US/introduction
Submission: On February 23 via manual from US — Scanned from US

Form analysis 0 forms found in the DOM

Text Content

RANSOMWARE ON S3 - SIMULATION AND DETECTION

--------------------------------------------------------------------------------

 * Introduction
    * AWS CIRT Tools and Resources

 * Getting Started
    * AWS Event Hosted Workshop

 * Setup
    * Using AWS CloudFormation
    * Using Amazon Athena

 * Reviewing Logs
 * Simulation
 * Detection
    * Investigating Ransomware - Part 1
    * Investigating Ransomware - Part 2
    * Investigating Ransomware - Part 3
    * Investigating Ransomware - Part 4

 * Cleanup
 * Summary
   


INTRODUCTION

In this workshop you will learn about open source tools such as Assisted Log
Enabler and Security Analytics Bootstrap. You will then use a bash script within
AWS CloudShell to simulate a security event similar in nature to the
unauthorized activity conducted by ransomware. Following the simulation, you
will have the opportunity to investigate and identify evidence related to data
destruction in, and data exfiltration from, an Amazon S3 bucket.

This workshop was designed for personnel interested in learning how to respond
to security events in AWS environments. Basic knowledge of AWS will be helpful
for this workshop. Familiarity with SQL and the Linux command line will also be
helpful; however, this knowledge is not a requirement. The duration of this
workshop is approximately one (1) hour.

--------------------------------------------------------------------------------


OUTCOMES

Upon completing this workshop, you will have achieved the following milestones:

 * Performed Athena queries and other tasks to respond to and review log data
   and other indicators of compromise
 * Learnt about various CloudTrail events that will aid in response activities
   related to unauthorized activity
 * Viewed CloudWatch metrics to provide additional indicators of data retrieval
   and data deletion
 * Used the AWS Billing service and Cost Usage Reports to identify other
   indicators of compromise
 * Used Amazon GuardDuty to view findings triggered by S3 bucket tampering

Note: This workshop deploys resources in a single availability zone and does not
use Auto Scaling Groups. While this does not adhere to the AWS Well-Architected
principles, this is done deliberately to simplify the environment and provide
focus to the outcomes of the workshop.

© 2008 - 2023, Amazon Web Services, Inc. or its affiliates. All rights
reserved.

