Overview
Welcome! We hope that this introductory lab will be enjoyed by red and blue alike. Purple-teaming FTW! It shows how to use AWS CloudTrail logs to detect malicious activity, and how S3 buckets are enumerated.
Scenario
We've been alerted to a potential security incident. The Huge Logistics security team have provided you with the AWS keys of an account that saw unusual activity, as well as the AWS CloudTrail logs from around the time of the activity. We need your expertise to confirm the breach by analyzing the CloudTrail logs, identifying the compromised AWS service, and determining what data, if any, was exfiltrated.
Lab prerequisites
- Basic Linux command line knowledge
Learning outcomes
- Prettifying JSON files for easier analysis
- Familiarity with the AWS CLI
- Familiarity with analyzing CloudTrail logs
- Enumerating S3 buckets
- Simulating an attacker to validate the path to breach
Real-world context
Analyzing AWS CloudTrail logs is a standard practice for detecting suspicious activity within an AWS account, while S3 buckets are frequently targeted by attackers due to the valuable data they can contain.
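The kind of triage the scenario asks for (take the access key you were handed, pull its activity out of the CloudTrail export, and look for the enumerate-then-download pattern that S3 theft usually leaves) can be scripted. The example below is added here and is not part of the Pwned Labs material; the access key, account, bucket, IP address and event timeline are constructed placeholders, and the CloudTrail field names used (`Records`, `userIdentity.accessKeyId`, `eventSource`, `eventName`, `sourceIPAddress`, `requestParameters.bucketName`, `requestParameters.key`) are the standard ones CloudTrail emits.

```python
import json
from collections import Counter

# Constructed sample CloudTrail export (NOT from the lab). Key, bucket and IP are placeholders.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:12:01Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.7",
     "userAgent": "aws-cli/2.13.0", "userIdentity": {"type": "IAMUser",
     "accessKeyId": "AKIAEXAMPLE000000001", "userName": "example-user"},
     "requestParameters": None},
    {"eventTime": "2024-01-10T09:12:30Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.7",
     "userAgent": "aws-cli/2.13.0", "userIdentity": {"type": "IAMUser",
     "accessKeyId": "AKIAEXAMPLE000000001", "userName": "example-user"},
     "requestParameters": None},
    {"eventTime": "2024-01-10T09:13:05Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListObjects", "sourceIPAddress": "203.0.113.7",
     "userAgent": "aws-cli/2.13.0", "userIdentity": {"type": "IAMUser",
     "accessKeyId": "AKIAEXAMPLE000000001", "userName": "example-user"},
     "requestParameters": {"bucketName": "hl-backups-example"}},
    {"eventTime": "2024-01-10T09:13:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.7",
     "userAgent": "aws-cli/2.13.0", "userIdentity": {"type": "IAMUser",
     "accessKeyId": "AKIAEXAMPLE000000001", "userName": "example-user"},
     "requestParameters": {"bucketName": "hl-backups-example", "key": "customers.csv"}},
    {"eventTime": "2024-01-10T09:13:52Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.7",
     "userAgent": "aws-cli/2.13.0", "userIdentity": {"type": "IAMUser",
     "accessKeyId": "AKIAEXAMPLE000000001", "userName": "example-user"},
     "requestParameters": {"bucketName": "hl-backups-example", "key": "invoices.csv"}},
    # Unrelated activity from a different key, to show the filter at work.
    {"eventTime": "2024-01-10T09:15:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.9",
     "userAgent": "console.amazonaws.com", "userIdentity": {"type": "IAMUser",
     "accessKeyId": "AKIAEXAMPLE000000002", "userName": "other-user"},
     "requestParameters": None},
]})


def load_records(raw):
    """Parse a CloudTrail log file: a JSON object whose 'Records' key holds the events."""
    return json.loads(raw).get("Records", [])


def events_for_key(records, access_key_id):
    """Return only the events made with the given access key, oldest first."""
    hits = [r for r in records
            if r.get("userIdentity", {}).get("accessKeyId") == access_key_id]
    return sorted(hits, key=lambda r: r.get("eventTime", ""))


def summarize(records, access_key_id):
    """Build the facts an analyst wants first: what was called, from where, and on which data."""
    evs = events_for_key(records, access_key_id)
    params = lambda r: r.get("requestParameters") or {}
    return {
        "event_counts": Counter(f'{r["eventSource"]}:{r["eventName"]}' for r in evs),
        "source_ips": sorted({r.get("sourceIPAddress") for r in evs}),
        "user_agents": sorted({r.get("userAgent") for r in evs}),
        "buckets": sorted({params(r)["bucketName"] for r in evs if "bucketName" in params(r)}),
        # Each GetObject is a candidate exfiltrated object.
        "objects_read": [(params(r)["bucketName"], params(r)["key"])
                         for r in evs if r["eventName"] == "GetObject"],
        "first_seen": evs[0]["eventTime"] if evs else None,
        "last_seen": evs[-1]["eventTime"] if evs else None,
    }


def flag_findings(summary):
    """Turn the summary into plain-language findings for the incident write-up."""
    counts = summary["event_counts"]
    findings = []
    listed_buckets = counts.get("s3.amazonaws.com:ListBuckets", 0) > 0
    # CloudTrail may record list-objects calls as ListObjects or ListObjectsV2.
    listed_objects = any(k.startswith("s3.amazonaws.com:ListObjects") for k in counts)
    if listed_buckets and listed_objects:
        findings.append("S3 enumeration: ListBuckets followed by object listing on "
                        + ", ".join(summary["buckets"]))
    if summary["objects_read"]:
        findings.append(f"Possible exfiltration: {len(summary['objects_read'])} object(s) "
                        "downloaded via GetObject: "
                        + ", ".join(f"s3://{b}/{k}" for b, k in summary["objects_read"]))
    if len(summary["source_ips"]) > 1:
        findings.append("Activity from multiple source IPs: " + ", ".join(summary["source_ips"]))
    return findings


if __name__ == "__main__":
    recs = load_records(SAMPLE_CLOUDTRAIL)
    summary = summarize(recs, "AKIAEXAMPLE000000001")
    print(json.dumps({k: (dict(v) if isinstance(v, Counter) else v)
                      for k, v in summary.items()}, indent=2))
    for finding in flag_findings(summary):
        print("-", finding)
```

To run it against a real export, replace `SAMPLE_CLOUDTRAIL` with the contents of the downloaded `.json` file (CloudTrail delivers gzipped files; decompress them first) and pass the access key from the incident report to `summarize`. The compromised service is whatever `eventSource` dominates the counts, and the `objects_read` list is your starting inventory of exfiltrated data.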
Cloud Security Training To Protect Your Business
Pwned Labs for Business gives your team access to dedicated business content, including labs and cyber ranges.
We also offer in-person or remote workshops, and our cloud penetration testing services are helping businesses become more secure!