2-DAY TRAINING 4 – Cloud Security Masterclass: Defender’s Guide to Securing Public Cloud Infrastructure
THIS CLASS IS NOW BEING HELD ONLINE FOLLOWING SINGAPORE TIMEZONE (CET +6)
DURATION: 2 DAYS
CAPACITY: 15 pax
SEATS AVAILABLE: 15
This training takes your malware analysis, forensic investigation, and incident response knowledge into the cloud. The hands-on sessions build a fully automated malware analysis, threat intelligence, and forensic investigation pipeline on cloud services from AWS, Azure, and GCP. Through scenarios, exercises and demos we build automated, scalable services that perform both static and dynamic malware analysis, collect forensic artifacts at scale, run automated investigations of IAM attacks, gather threat intelligence, and generate alerts and reports.
By the end of this training, you will be able to use cloud technologies such as CloudTrail and CloudWatch to detect IAM attacks, serverless functions to perform on-demand scans, Docker containers to deploy threat scanning services at scale, notification services to raise detection alerts, malware-infected virtual machines to perform automated forensic investigation and artifact collection, and DynamoDB and Athena to build real-time threat intelligence and monitoring dashboards.
We will learn to combine built-in cloud services with open source and custom-built tools to connect our file scanning services. Altogether, we will build a fully automated incident response and threat intelligence pipeline that large security teams and researchers can use.
Key Learning Objectives
Using serverless functions, containers and event notifiers to build your own incident response pipeline.
Building real-time dashboards for threat tracking and intelligence gathering.
Building advanced automated pipelines for forensic investigations, artifact storage, and malware feature extractors.
Integrating and utilizing open source services and tools such as AWS_IR, Scout, Cloud Custodian, VirusTotal lookups, Volatility, YARA and many more.
Who Should Attend
Incident responders, Analysts
Malware investigators and Analysts
Threat intelligence analysts and Responders
Blue team and Purple team members
Cloud Security Teams
Prerequisites
Basic understanding of cloud services
System administration and the Linux CLI
Able to write basic programs in Python
Hardware / Software Requirements
Laptop with internet access
Free tier account for AWS
Agenda – Day 1:
1. Introduction to cloud services
Basic terminologies: IAM, VPC, AMI, serverless, containers etc.
Introduction to logging services in the cloud.
Introduction to shared responsibility model.
Setting up your free tier account.
Setting up AWS command-line interface.
2. Detecting and monitoring IAM attacks.
Detecting and responding to user account brute force attempts.
Detecting compromised credentials of IAM user.
Detecting privilege escalation and access permission flaw using aws_escalate.
Attacking and defending against user role enumeration.
Brute force attack detection using CloudTrail.
PagerDuty notification for alarms and notifications.
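As an added illustration of the CloudTrail-based brute force detection listed in this section (example code written for this page, not material from the training), the following Python script runs a sliding-window detector over CloudTrail ConsoleLogin records. The records are constructed samples in the shape CloudTrail emits (`responseElements.ConsoleLogin` of `Failure`/`Success`, `sourceIPAddress`, `userIdentity.userName`); the threshold, window and alert field names are this example's own choices. It raises one alert when failures from a source address reach the threshold inside the window, and a second, higher-severity alert when a successful login from that address follows the burst, which is the signal a responder would escalate as a likely compromised credential.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _login_record(user, ip, when, success):
    """Build a minimal CloudTrail ConsoleLogin record (constructed sample, not real log data)."""
    record = {
        "eventVersion": "1.05",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "eventTime": when,
        "sourceIPAddress": ip,
        "userIdentity": {
            "type": "IAMUser",
            "userName": user,
            "arn": f"arn:aws:iam::123456789012:user/{user}",
        },
        "responseElements": {"ConsoleLogin": "Success" if success else "Failure"},
    }
    if not success:
        record["errorMessage"] = "Failed authentication"
    return record


# Constructed sample: six failures for "alice" from one address within six minutes,
# then a success from the same address; one isolated failure for "bob".
SAMPLE_RECORDS = [
    _login_record("alice", "198.51.100.7", f"2024-05-01T12:0{i}:00Z", False) for i in range(6)
] + [
    _login_record("alice", "198.51.100.7", "2024-05-01T12:06:30Z", True),
    _login_record("bob", "203.0.113.9", "2024-05-01T12:02:00Z", False),
]


def _event_time(record):
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_console_brute_force(records, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window detection over CloudTrail ConsoleLogin events.

    Emits one 'brute_force' alert per source IP when failures inside `window`
    reach `threshold`, and a 'success_after_failures' alert when a successful
    login from that IP follows a qualifying burst (a compromised-credential signal).
    """
    logins = sorted(
        (r for r in records if r.get("eventName") == "ConsoleLogin"), key=_event_time
    )
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerted = set()
    alerts = []
    for rec in logins:
        ip, ts = rec["sourceIPAddress"], _event_time(rec)
        user = rec.get("userIdentity", {}).get("userName", "unknown")
        recent = failures[ip]
        # Drop failures that fell out of the window before evaluating this event.
        while recent and ts - recent[0] > window:
            recent.popleft()
        outcome = rec.get("responseElements", {}).get("ConsoleLogin")
        if outcome == "Failure":
            recent.append(ts)
            if len(recent) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append({
                    "type": "brute_force",
                    "source_ip": ip,
                    "user": user,
                    "failures": len(recent),
                    "first_seen": recent[0].isoformat(),
                    "last_seen": ts.isoformat(),
                })
        elif outcome == "Success" and len(recent) >= threshold:
            alerts.append({
                "type": "success_after_failures",
                "source_ip": ip,
                "user": user,
                "failures_before_success": len(recent),
                "at": ts.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    import json
    print(json.dumps(detect_console_brute_force(SAMPLE_RECORDS), indent=2))
```

In a deployed pipeline the same function would run inside a Lambda fed by CloudTrail through CloudWatch Logs, with the returned alert dictionaries published to SNS or PagerDuty; the per-IP window is kept deliberately short so that a single tuning knob covers both the volume rule and the success-after-burst rule.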
3. Malware detection and investigation on/for cloud infrastructure
Quick introduction to static and dynamic malware analysis
Building a ClamAV-based static scanner for S3 buckets using AWS Lambda.
Integrating serverless scanning of S3 buckets with the YARA engine.
Building signature update pipelines using static storage buckets to detect recent threats.
Malware alert notification through SNS and a Slack channel.
Adding advanced context to the Slack notification for quick remediation.
Detecting malware command and control through VPC traffic mirroring and GuardDuty.
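As an added illustration of the serverless S3 scanning and context-rich Slack alerting items in this section (example code written for this page, not material from the training), the following Python module is a Lambda-style handler for S3 ObjectCreated notifications. It runs offline: `FAKE_S3` is a constructed in-memory stand-in for the bucket, and `scan_bytes` uses a constructed hash set and byte patterns in place of the ClamAV signatures and YARA rules the course builds on. The event shape (`Records[].s3.bucket.name`, `Records[].s3.object.key`, `Records[].userIdentity.principalId`) follows the real S3 notification format, including the detail that object keys arrive URL-encoded; the rule names, sample bytes and alert layout are this example's own.

```python
import hashlib
from urllib.parse import unquote_plus

# Constructed in-memory stand-in for S3 so the handler runs offline (bucket -> key -> bytes).
FAKE_S3 = {
    "uploads-bucket": {
        "invoices/2024-05.pdf": b"%PDF-1.4\nconstructed harmless sample document\n",
        "tools/update tool.exe": b"MZ\x90\x00constructed sample: powershell -enc AAAA marker",
    }
}

# Constructed detection content standing in for ClamAV signatures and YARA rules.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed known-bad sample bytes").hexdigest()}
BYTE_RULES = {
    "Suspicious_EncodedPowerShell": [b"powershell -enc", b"powershell.exe -encodedcommand"],
}


def scan_bytes(data):
    """Return the rule names matching `data`: hash lookup first, then byte patterns."""
    matches = []
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256:
        matches.append("KnownBad_SHA256")
    lowered = data.lower()
    for rule, patterns in BYTE_RULES.items():
        if any(p.lower() in lowered for p in patterns):
            matches.append(rule)
    return matches


def build_slack_alert(bucket, key, digest, size, principal, matches):
    """Slack webhook payload carrying the context a responder needs before acting."""
    summary = f":rotating_light: Malware detected in s3://{bucket}/{key}"
    return {
        "text": summary,
        "blocks": [
            {"type": "section", "text": {"type": "mrkdwn", "text": f"*{summary}*"}},
            {"type": "section", "fields": [
                {"type": "mrkdwn", "text": f"*Rules:* {', '.join(matches)}"},
                {"type": "mrkdwn", "text": f"*SHA-256:* `{digest}`"},
                {"type": "mrkdwn", "text": f"*Size:* {size} bytes"},
                {"type": "mrkdwn", "text": f"*Uploaded by:* `{principal}`"},
                {"type": "mrkdwn",
                 "text": "*Next step:* quarantine the object and review the uploader's recent CloudTrail activity"},
            ]},
        ],
    }


def s3_put_event(bucket, key, principal_id, size):
    """Minimal S3 ObjectCreated notification in the shape Lambda receives (constructed)."""
    return {"Records": [{
        "eventSource": "aws:s3",
        "eventName": "ObjectCreated:Put",
        "userIdentity": {"principalId": principal_id},
        # S3 URL-encodes keys in notifications; spaces arrive as '+'.
        "s3": {"bucket": {"name": bucket}, "object": {"key": key.replace(" ", "+"), "size": size}},
    }]}


def handler(event, context=None, get_object=lambda bucket, key: FAKE_S3[bucket][key]):
    """Lambda-style entry point: scan each new object, return verdicts plus any Slack alerts."""
    verdicts, alerts = [], []
    for record in event["Records"]:
        bucket = record["s3"]["bucket"]["name"]
        key = unquote_plus(record["s3"]["object"]["key"])  # decode before fetching the object
        principal = record.get("userIdentity", {}).get("principalId", "unknown")
        data = get_object(bucket, key)
        digest = hashlib.sha256(data).hexdigest()
        matches = scan_bytes(data)
        verdicts.append({"key": key, "clean": not matches, "sha256": digest, "rules": matches})
        if matches:
            alerts.append(build_slack_alert(bucket, key, digest, len(data), principal, matches))
    return {"verdicts": verdicts, "alerts": alerts}


if __name__ == "__main__":
    import json
    event = s3_put_event("uploads-bucket", "tools/update tool.exe", "AWS:AIDAEXAMPLE", 60)
    print(json.dumps(handler(event), indent=2))
```

The `get_object` parameter is the seam where a real deployment passes a boto3-backed fetcher; keeping the fetch injectable lets the same scanner be unit-tested offline and pointed at a real bucket without change. The alert deliberately carries the hash, size, uploader principal and matched rules so the responder can quarantine and pivot to CloudTrail without first re-scanning the object.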