Real World Case Studies

Public reports of AWS incidents and response that provide a high level of detail.

• AWS incident response story - This article walks through an AWS incident including techniques used by the threat actor and Indicators of Compromise (IoCs)
• AWS cryptomining incident - Step-by-step walkthrough of how the threat actor compromised access keys, established persistence, and initiated crypto mining
• LUCR-3 / Scattered Spider attacks against cloud environments - Breakdown of attacker attributes, lifecycle, techniques, defense evasion, and IoCs
• Public Cloud Security Breaches - Documenting their mistakes so you don't make them