Pwned Labs - Detect Malicious Activity with AWS Honey Tokens

Overview

We created this beginner-friendly and hands-on lab to teach about honey tokens and how digital tripwires can be implemented natively using AWS services. The solution stack in this lab covers IAM, CloudWatch, CloudTrail and Lambda.

Scenario

Huge Logistics are a global leader in their industry and an attractive target for cybercrime groups. You have taken the initiative to create digital tripwires in AWS in the form of honey tokens, as part of a defense in depth and "assume breach" approach to proactively securing the environment and reducing time from breach to detection.

Lab prerequisites

Basic Linux command line knowledge

Learning outcomes

Plant honey tokens in AWS services
Create infrastructure to alert on honey token use

Real-world context

Honey tokens are a real-world security measure and can be effective in detecting malicious activity. Honey tokens are decoy credentials or data elements that are deliberately planted in a system. When naming "honey" resources it is important to make it as plausible as possible while still sounding important, otherwise experienced threat actors may recognize and avoid them.

Cloud Security Training To Protect Your Business

Pwned Labs for Business gives your team access to dedicated business content, including labs and cyber ranges.

We also offer in-person or remote workshops, and our cloud penetration services are helping businesses become more secure!

Find out more

Detect Malicious Activity with AWS Honey Tokens

Cloud Security Training To Protect Your Business

Privacy Policy | Terms & Conditions