Threat hunting in AWS using FIRCY Sense and native AWS tools in Canberra

This is a hands-on technical workshop where you will learn how to use AWS native tools and FIRCY Sense for threat hunting in the AWS cloud. You will be given an AWS account that has been breached in a number of different ways. Your mission is to discover what the adversaries have compromised and how they infiltrated the account. This is a capture the flag style workshop where you will dive deep into different logs, following the trail to hunt them down.

To get the most out of this workshop you should have a basic understanding of AWS, including CloudTrail, S3 and IAM.

What you will learn:

• AWS Security and related services including: CloudTrail, GuardDuty, IAM, Access Analyzer, Security Hub, Inspector, Athena.
• Using the FIRCY Sense API for hunting and enrichment
• Log diving at scale
• Detection techniques
• Indicators of compromise
• Privilege escalation techniques
• Persistence techniques
• Containment techniques

What is FIRCY Sense?

Sense is the world’s first threat intelligence solution designed to hunt cloud-native scanners and adversaries. As organisations rely more on the cloud, our platform redefines security teams’ reach and capabilities from the ground up. Every day, we track over two million malicious events overlooked by other cybersecurity tools. Our platform provides some of the industry’s only meaningful insights into the global movements of cloud-native adversaries, scanners, bots, and more. Sense is powered by the largest network of cloud-based assets deployed for intelligence collection. The platform’s API can be used as a source for automated enrichment & data ingestion or as a standalone tool for continuous threat hunting and incident response. You can query for IP addresses, ASNs, and unique events related to your FIRCY-hosted decoys — we enrich every result with data from more than 25 sources of trusted threat intelligence for additional context.

Every attendee will be given the opportunity to trial FIRCY Sense after the session, obligation free and at no cost.

Requirements

You will need to bring your own laptop and charger with a web browser and text editor, FIRCY will provide AWS accounts for use during the training.

Location

The workshop will be held in person only, the exact location will be shared prior. If you can’t make this one or are interested in attending a virtual one instead, reach out to us at gday@fircy.co

About FIRCY

FIRCY was founded on the back of over a decade’s worth of accumulated experience in the incident response and cloud security industry. After setting global cloud security standards for Amazon Web Services, FIRCY’s co-founder and CTO Ben Potter decided to tackle the industry’s dangerous lack of cloud-dedicated cyber defences. Today, FIRCY provides organisations with expert consultations, forensic investigations, and the industry’s first dedicated cloud threat intelligence and deception product. Our mission is to redefine modern cloud security and make proactive threat management the norm in the industry.