SEC-T - 0x10sion

10-13th of September 2024

Incident response in AWS

Where

This is not the same address as the conference! Same building but different entrance.
Söder Mälarstrand 57
118 25 Stockholm

Day 1 (2024-09-10)

8.30 – 09.00 Registration & breakfast
9.00 – 12.00 Training
12.00 – 13.00 Lunch
13.00 – 15.00 Training
15.00 – 15.30 Coffee break
15.30 – 17.00 Training

Day 2 (2024-09-11)

8.30 – 09.00 Registration & breakfast
9.00 – 12.00 Training
12.00 – 13.00 Lunch
13.00 – 15.00 Training
15.00 – 15.30 Coffee break
15.30 – 17.00 Training

In this two-day course, you’ll experience in real-time a cloud incident and subsequent data breach, simulated in a vulnerable-by-design application. Students will act as our fictional company’s incident response team, and experience the various phases of the IR lifecycle. As an adversary compromises our simulated application we’ll cover detection, conduct a forensic investigation of the cloudTrail logs to determine what the attacker did, execute containment activities, and then perform an analysis to see if a data breach occurred. Students will then be let loose to track down a parallel incident and find the key indicators of cloud compromise in a CTF-like fashion.

The class is targeted toward SOC analysts and security engineers who are new to AWS and need a crash course in Cloudtrail, S3, IAM, serverless, and the many ways the public cloud changes the incident response process. Students need only a basic understanding of AWS and their laptops, as the entire cloud environment will be pre-built for our incident.

The class is taught by Chris Farris who has a long career in IT and cloud security. He is a AWS Security Hero, an organizer of the fwd:cloudsec conference and has presented at several AWS conferences.

Get training ticket

Target Audience

Security operations analysts, incident responders, security engineers & architects who want to experience an incident in AWS before it happens to them for real.

Prerequisites

The class is targeted toward SOC analysts and security engineers who are new to AWS and need a crash course in CloudTrail, S3, IAM, Serverless, and the many ways the public cloud changes the incident response process. This class doesn’t teach you to be an incident responder; it will teach an incident responder how to respond in AWS. Students need only a basic understanding of AWS and their laptops, as the entire cloud environment will be pre-built for our incident.

Day 1

Day 2