Detection Strategies for Multi-Cloud Infrastructure
Abstract:
As adversarial attacks on multi-cloud infrastructure become increasingly targeted, organizations must prioritize effective detection and investigation strategies. This workshop is designed to equip participants with in-depth knowledge and hands-on experience, enabling them to identify and counter various attack vectors that threaten multi-cloud environments. The program explores sophisticated techniques used by Advanced Persistent Threat (APT) groups, which pose significant detection challenges. The workshop emphasizes not only understanding offensive operations but also mastering the skills necessary to investigate these threats thoroughly. Participants will engage with a range of defensive solutions, gaining hands-on experience that will enhance their ability to anticipate, identify, and neutralize potential threats before they can cause significant harm. By the end of the program, attendees will have developed a robust set of skills that allow for proactive threat identification, thereby strengthening their organization's overall security posture.
Red Team Highlights
- Understanding the techniques employed by adversarial groups
Blue Team Highlights
- Centralised Logging and Monitoring deployment
- Detection Engineering Fundamentals
- Cloud-Specific Threat Hunting Approaches
Table of Contents
- Introduction to Multi-Cloud Threat Landscape [40 Min]
  - Introduction to Multi-Cloud
  - Multi-Cloud Adoption in Real-World Scenarios
  - The Need for Multi-Cloud Security
  - Multi-Cloud Security Challenges
  - Cloud Threat Landscape
  - MITRE Cloud Matrix
- Attacker Strategies in Multi-Cloud [50 Min]
  - Midnight Blizzard Breach
  - Entra ID to Office 365 Access
  - Ransomware in the Cloud: Scattered Spider
- Cloud Native Security Services [10 Min]
- Log Sources & Visibility in Multi-Cloud [30 Min]
  - AWS Logs & Their Types
    - CloudTrail Logs
    - CloudWatch Logs
    - VPC Flow Logs & Route 53 Resolver Query Logs
    - Amazon S3 Access Logs
  - Azure Logs & Their Types
    - Activity Logs
    - Audit Logs
    - Sign-in Logs
    - Application Logs
    - Unified Audit Logs [UAL]
  - GCP Logs & Their Types
    - Audit Logs
    - Application Logs
    - Security Logs
    - Networking Logs
- Attack Detection in AWS/Azure/GCP Cloud [2:30 Hrs]
  - Red Team Simulation & Detection in
    - AWS Attack & Detection
      - Initial Access via Device Code Phishing
      - Privilege Escalation via Assume Role
      - Backdooring via Lambda Function
      - Clearing Traces (Deleting CloudTrail and Its Logs)
    - Azure Attack & Detection
      - Initial Access via Exploiting an RCE Vulnerability in an Azure Managed VM
      - Privilege Escalation via App Registration
      - Backdooring via Misconfigured App Registration
      - Clearing Traces (Deleting Diagnostic Settings and Their Logs)
    - GCP Attack & Detection
      - Initial Access: Insider Threat
      - Privilege Escalation via Service Account Token Impersonation
      - Backdoor via OAuth App
      - Clearing Traces (Disabling Sink and Deleting Logs)
Bio
Harisuthan is a seasoned Blue Team Security Researcher at CyberWarFare Labs, with over 3 years of dedicated experience in cyber defense. He has a deep understanding of Blue Team methodologies, including adversarial threat detection and investigation, proactive threat hunting, and conducting adversary emulation and simulation for various investigative purposes.
Parth Agrawal is a Security Researcher at CyberWarFare Labs, specializing in Cloud Security across AWS, Azure, and GCP. He focuses on designing hands-on challenges and cloud architectures centered around IAM misconfigurations, threat detection, and deceptive defense mechanisms. His work involves simulating real-world attack scenarios and automating cloud infrastructure to strengthen detection and response capabilities.