
Posts

2024

[ AWS Threat Detection Part - 3 ] Detecting Attacks in AWS using CloudTrail Logs - Chapter 2
·829 words·4 mins
Overview: In the last part of the CloudTrail log analysis we identified three suspicious ARNs and 4 IPs, of which 2 belong to AWS; objects were downloaded from the betadocumentsv2 S3 bucket, and the activity started around 4 Jul 2024 12:00. In this part we will build a timeline of the events and determine exactly which services were compromised.
[ AWS Threat Detection Part - 3 ] Detecting Attacks in AWS using CloudTrail Logs - Chapter 1
·1290 words·7 mins
Overview: This part of the AWS Threat Detection series will focus on how CloudTrail logs can be used to detect attacks in an AWS environment, how those attacks can be mapped to the MITRE ATT&CK framework, and on understanding the investigation process rather than focusing on specific attacks.
[ AWS Threat Detection Part - 2 ] Understanding AWS Logging Capabilities
·1440 words·7 mins
Overview: The second part of this blog series will focus on the logging capabilities of AWS and the different services we can use to collect logs from multiple services like EC2, IAM, S3 buckets, VPC, etc.
[ AWS Threat Detection Part - 1 ] Basics Of AWS & Attacks in AWS
·644 words·4 mins
Overview: Welcome to our comprehensive blog series focused on AWS threat detection.
Konni [ North Korea-linked APT group ] LNK Analysis
·1956 words·10 mins
This blog will cover the technical analysis of a malicious LNK file from the Konni malware family.
Anti-VM, Anti-Debug & Anti-* Bypass Part - 1
·1339 words·7 mins
Overview: Malware is software created by clever developers who think outside the box, and it is harder to reverse engineer because they implement a lot of Anti-Analysis, Anti-Bypass, Anti-VM and other Anti-* techniques.