Following attackers’ (Cloud)trail in AWS: Methodology and findings in the wild | Datadog Security Labs
securitylabs.datadoghq.com/articles/following-attackers-trail-in-aws-methodology-findings-in-the-wild/?utm_source=tldrsec.com&utm_medium=newsletter&utm_campaign=tl-dr-sec-204-following-attackers-cloudtrail-ssh-security-tools-secure-by-design
1 Users
0 Comments
3 Highlights
0 Notes
Tags
Top Highlights
During our research, we witnessed one attacker attempt a DescribeInstances API call with a filter for a specific key-name before attempting to create a key pair.
the most common enumeration API calls discovered throughout our hunting activity
Their goal is to gain situational awareness and understand the value and potential of the compromised account.
Ready to highlight and find good content?
Glasp is a social web highlighter that people can highlight and organize quotes and thoughts from the web, and access other like-minded people’s learning.