ThreatBreach Blogs

Recent

[ AWS Threat Detection Part - 3 ] Detecting Attacks in AWS using CloudTrail Logs - Chapter 2
·829 words·4 mins
Overview: In the last part of the CloudTrail log analysis we identified three suspicious ARNs and 4 IPs, of which 2 belong to AWS; objects were downloaded from the betadocumentsv2 S3 bucket, and the activity started around 4 Jul 2024 12:00. In this part we will build a timeline of the events and conclude exactly which services were compromised.
[ AWS Threat Detection Part - 3 ] Detecting Attacks in AWS using CloudTrail Logs - Chapter 1
·1290 words·7 mins
Overview: This part of the AWS Threat Detection series will focus on how CloudTrail logs can be used to detect attacks in an AWS environment, how those attacks can be mapped to the MITRE ATT&CK framework, and on understanding the investigation process rather than focusing on specific attacks.
[ AWS Threat Detection Part - 2 ] Understanding AWS Logging Capabilities
·1440 words·7 mins
Overview: The second part of this blog series will focus on the logging capabilities of AWS and the different services we can use to collect logs from multiple services like EC2, IAM, S3 buckets, VPC etc…
[ AWS Threat Detection Part - 1 ] Basics Of AWS & Attacks in AWS
·644 words·4 mins
Overview: Welcome to our comprehensive blog series focused on AWS threat detection.
Konni [ North Korea-linked APT group ] LNK Analysis
·1956 words·10 mins
This blog will cover the technical analysis of a malicious LNK file from the Konni malware family.