AWS CIRT announces the launch of 5 available workshops publicly

 <div>          <img src="https://www.infracom.com.sg/wp-content/uploads/2022/12/tech-city-scaled.jpg" class="ff-og-image-inserted" />          </div>     

Greetings from the AWS Consumer Incident Response Group (CIRT) ! AWS CIRT is focused on supporting customers during energetic security occasions on the customer aspect of the AWS Shared Responsibility Design.

 <pre>          <code>        &lt;p&gt;Year over the past, AWS CIRT has taken care of immediately a huge selection of such security events, like the unauthorized usage of &lt;a href="https://aws.amazon.com/iam/" focus on="_blank" rel="noopener"&gt;AWS Identity and Accessibility Management (IAM)&lt;/the&gt; credentials, information and ransomware deletion within an AWS account, and billing increases because of the creation of unauthorized assets to mine cryptocurrency.&lt;/p&gt; 

<p>We have been excited release a five workshops that simulate these safety events to assist you learn the various tools and processes that AWS CIRT uses every day to detect, investigate, and react to such security activities. The workshops include AWS tools and solutions, such as for example <a href=”https://aws.amazon.com/guardduty/” focus on=”_blank” rel=”noopener”>Amazon GuardDuty</the>, <a href=”https://www.amazonaws.cn/en/cloudtrail/” focus on=”_blank” rel=”noopener”>Amazon CloudTrail</the>, <a href=”https://aws.amazon.com/cloudwatch/” focus on=”_blank” rel=”noopener”>Amazon CloudWatch</the>, <a href=”https://aws.amazon.com/athena/” focus on=”_blank” rel=”noopener”>Amazon Athena</the>, and <a href=”https://aws.amazon.com/waf/” focus on=”_blank” rel=”noopener”>AWS WAF</the>, along with a few open source tools published and compiled by AWS CIRT.</p>
<p>To gain access to the workshops, you will need an AWS accounts just, an web connection, and the need to find out more about incident reaction in the AWS Cloud! Pick the following links to gain access to the workshops.</p>
<p><a href=”https://catalog.workshops.aws/aws-cirt-unauthorized-iam-credential-use” focus on=”_blank” rel=”noopener”>Unauthorized IAM Credential Use – Safety Event Recognition&lt and Simulation;/the></p>
<p>In this workshop, you shall simulate the unauthorized usage of IAM credentials with a script invoked within <a href=”https://aws.amazon.com/cloudshell/” focus on=”_blank” rel=”noopener”>AWS CloudShell</the>. The script will perform reconnaissance and privilege escalation routines that have been frequently noticed by AWS CIRT and which are generally performed during similar occasions of this nature. Become familiar with some tools and procedures that AWS CIRT utilizes also, and how exactly to use these equipment to find proof unauthorized activity through the use of IAM credentials.</p>
<p><a href=”https://catalog.workshops.aws/aws-cirt-ransomware-simulation-and-detection” focus on=”_blank” rel=”noopener”>Ransomware on S3 – Security Event Recognition&lt and Simulation;/the></p>
<p>In this workshop, you shall use an <a href=”https://aws.amazon.com/cloudformation/” focus on=”_blank” rel=”noopener”>AWS CloudFormation</the> template to reproduce a host with multiple IAM customers and five <a href=”https://aws.amazon.com/s3/” target=”_blank” rel=”noopener”>Amazon Simple Storage Assistance (Amazon S3)</the> buckets. AWS CloudShell will operate a bash script that simulates information exfiltration and information deletion activities that replicate a ransomware-based security event. Additionally, you will learn the procedures and equipment that AWS CIRT utilizes to react to similar events, and how exactly to use these tools to get proof unauthorized S3 item and bucket deletions.</p>
<p><a href=”https://catalog.workshops.aws/aws-cirt-cryptominer-simulation-and-detection” focus on=”_blank” rel=”noopener”>Cryptominer Based Security Events – Recognition&lt and Simulation;/the></p>
<p>In this workshop, you shall simulate a cryptomining security event with a CloudFormation template to initialize three <a href=”https://aws.amazon.com/ec2/” target=”_blank” rel=”noopener”>Amazon Elastic Compute Cloud (Amazon EC2)</the> instances. These EC2 instances shall mimic cryptomining activity by performing DNS requests to known cryptomining domains. Additionally, you will learn the various tools and procedures that AWS CIRT utilizes to react to similar occasions, and how exactly to use these equipment to find proof unauthorized development of EC2 situations and communication with recognized cryptomining domains.</p>
<p><a href=”https://catalog.workshops.aws/aws-cirt-ssrf-imdsv1-simulation-and-detection” focus on=”_blank” rel=”noopener”>SSRF on IMDSv1 – Recognition&lt and Simulation;/the></p>
<p>In this workshop, you’ll simulate the unauthorized usage of a web software that’s hosted on a good EC2 example configured to utilize <a href=”https://www.youtube.com/watch?v=2B5bhZzayjI” target=”_blank” rel=”noopener”>Instance Metadata Program Edition 1 (IMDSv1)</the> and susceptible to server side demand forgery (SSRF). You shall understand how web application vulnerabilities, such as SSRF, may be used to get credentials from an EC2 instance. Additionally, you will learn the procedures and equipment that AWS CIRT utilizes to respond to this sort of access, and how exactly to use these equipment to find proof the unauthorized usage of EC2 example credentials through web program vulnerabilities such as for example SSRF.</p>
<p><a href=”https://catalog.workshops.aws/aws-cirt-toolkit-for-incident-response-preparedness” focus on=”_blank” rel=”noopener”>AWS CIRT Toolkit For Automating Incident Reaction Preparedness</the></p>
<p>In this workshop, you’ll install and test out some common tools plus utilities that AWS CIRT utilizes every day to detect protection misconfigurations, react to active activities, and assist clients with safeguarding their infrastructure.</p>
<p>When you have feedback concerning this post, submit remarks in the<strong> Remarks</strong> area below. Should you have questions concerning this write-up, <a href=”https://gaming console.aws.amazon.com/assistance/home” focus on=”_blank” rel=”noopener”>contact AWS Assistance</the>.</p>
<p><strong>Want a lot more AWS Security news? Stick to us on <a href=”https://twitter.com/AWSsecurityinfo” title=”Twitter” target=”_blank” rel=”noopener noreferrer”>Twitter</the>.</strong></p>

<!– ‘”` –>