This course on threat hunting in the cloud aims to teach learners about the shared responsibility model in cloud environments, the challenges of using traditional network security tools, and the types of attacks that can occur. The course covers topics such as cloud service provider adoption, attacker tools, endpoint considerations, and examples of enterprise and AWS architectures. The teaching method includes lectures and examples from industry experts. This course is intended for individuals interested in cloud security, network security, and threat detection and response in cloud environments.
Overview
Syllabus
Intro
What is a cloud service provider?
Shared responsibility model (IaaS)
Cloud service provider adoption aws
Infosec community on cloud services How well do traditional network Security tools work in cloud environments?
What are they after? It depends on the type of attacker
Attacks in the field
Enterprise architecture example
AWS architecture example
CSP Attacker Tools
Catching direct attacks against the CSP
Endpoint considerations
Endpoint visibility - forensics data
Endpoint visibility - PowerShell visibility
Executing code - Azure API | Endpoint execution
Executing code - AWS API | Endpoint execution
Taught by
NorthSec
