|24 August||Tuesday||09:00-17:00 SGT/GMT +8||8 Hours|
|25 August||Wednesday||09:00-17:00 SGT/GMT +8||8 Hours|
Breach investigations, Malware analysis, threat intelligence, and forensic investigation plays a critical role in large scale incident response teams. Traditional analysis tools and deployment methods are not built to support multiple security teams separated geographically. Also, cloud-based workloads require additional monitoring which poses another challenge. This training tries to solve the two problems by building scalable and automated services to perform investigations, reporting and alerting for cloud workloads by directly using native cloud services.
The training will begin by covering technical and architectural understanding of the cloud and its services in the introductory phase. We will then dive into the Identity and access management based attack and defense scenarios. The lesson will follow through by deploying attack templates to replicate real-life IAM attack scenarios and countermeasures required to implement Principle of Least privilege.
The second phase of the training will cover cloud infrastructure security. Beginning from building alerting services for common attack scenarios like brute force and account takeover. Then we focus on persistence techniques used by attackers to pivot into the cloud environment and how to defend against such attacks. By using attack templates, we will simulate use-cases like token hijacking and trail deletion, with emphasis on building defensive measures by using cloud native technologies at scale.
The next part of cloud infrastructure security will involve hands-on tool building for automated malware detection by utilizing lambda functions. We will cover CTF exercises on detecting malware at scale across the cloud infrastructure along with integrating additional features like file-type determination and automated signature update through object stores.
In the third phase, we will dive deeper into security monitoring. We will focus on building a SIEM-like detection and alerting capability by deploying Elasticsearch stack and through Slack web-hooks. We will also enhance the capability by building a Security data lake. This would enable large scale security teams to perform threat intelligence and correlation on historic security data.
The fourth phase of the training will focus on forensic investigations. We will learn to build investigation playbooks using step functions to automate the investigation and reporting process. Examples include automated forensic artifact collection by utilizing lambda functions, automated analysis, building timeline, dumping process memory & alerting through Slack or SNS.
In summary, this training focuses on elevating your threat detection, investigations, and response knowledge into the cloud. This hands-on training with CTF-style exercises simulates real-life attack scenarios on cloud infrastructure & applications. It then teaches you to build defensive guard rails against such attacks by using cloud native services on AWS. This makes it an ideal class for red & blue teams.
By the end of this training, we will be able to:
This is a unique course which is on the cloud and for the cloud. It not only helps train the individuals on cloud terminologies but also enables them to build scalable defense mechanisms for their services running in the public cloud. The training explicitly focuses on threat detection, Incident response, malware investigations and forensic analysis of cloud infrastructure which is still a very less known domain in the market.