Bucket blue team ctf

Category : Digital Forensics

'AWS'

'cloud'

'IR'

'log analysis'
1720 Players
4.2 (434)
Easy

Instructions:

  • Use the provided credentials to access AWS cloud trail logs and answer the questions.

 

Scenario

Welcome, Defender! As a soc analyst, we're granting you access to the AWS account called "Security" as an IAM user. This account contains a copy of the logs during the time period of the incident and has the ability to assume the "Security" role in the target account so you can look around to spot the misconfigurations that allowed for this attack to happen.


Credentials

Your IAM credentials for the Security account:

  • Login: https://flaws2-security.signin.aws.amazon.com/console
  • Account ID: 322079859186
  • Username: security
  • Password: password
  • Access Key: AKIAIUFNQ2WCOPTEITJQ
  • Secret Key: paVI8VgTWkPI3jDNkdzUMvK4CcdXO2T7sePX0ddF

 

Environment

The credentials above give you access to the Security account, which can assume the role of "security" in the Target account. You also have access to an S3 bucket, named flaws2_logs, in the Security account, that contains the CloudTrail logs recorded during a successful compromise

 

 

Tools

 

Sign in to Download challenge

Need Help?

Join our Discord server, connect with fellow defenders, and get help while solving challenges.
  • SHA1SUM:
    fb393619f09c8e9d7272f305329601645e5aa952
  • Password:
    cyberdefenders.org
  • Size:
    356 Bytes
  • Published:
    Dec. 7, 2021, midnight
First blood

Labib

544 days ago

Last solve

Schweinsteiger

today

Authors

Scott Piper