AWSWatcher

AWSWatcher is a blue team lab in the Cloud Forensics category. It covers the following subjects: CloudTrail, CloudWatch, Lambda, S3, Initial Access, Persistence, Privilege Escalation, Defense Evasion, Exfiltration, Impact.

Learning Objectives

Analyze AWS GuardDuty, CloudTrail, S3, and CloudWatch logs to identify attacker actions, exploited misconfigurations, and reconstruct an AWS cloud security incident.

Categories: Cloud Forensics.

MITRE ATT&CK Tactics: Initial Access, Persistence, Privilege Escalation, Defense Evasion, Exfiltration, Impact.

Tools: CloudTrail, CloudWatch, S3, Lambda.

Difficulty: easy.