Incident Response in AWS

Abstract

In this two-day course, you’ll experience a cloud incident and subsequent data breach in real time, simulated in a vulnerable-by-design application. Students will act as our fictional company’s incident response team and work through the phases of the IR lifecycle. As an adversary compromises our simulated application, we’ll cover detection, conduct a forensic investigation of the CloudTrail logs to determine what the attacker did, execute containment activities, and then perform an analysis to see if a data breach occurred.

The class is targeted toward SOC analysts and security engineers who are new to AWS and need a crash course in CloudTrail, S3, IAM, Serverless, and the many ways the public cloud changes the incident response process. Students need only a basic understanding of AWS and their laptop, as the entire cloud environment will be pre-built for our incident.

Knowledge/Experience/Prerequisites students should have to get the most from this course

This course won’t teach the basics of incident response. It’s designed to help SOC analysts and incident responders bridge the gap to the brave new world of AWS and the public cloud. A very basic understanding of AWS would be helpful, but won’t be required.

Target Audience

Security Operations Analysts, Incident Responders, Security Engineers & Architects who want to experience an incident in AWS before it happens to them for real.