Threat Hunting AWS CloudTrail Logs with Microsoft Sentinel: Real-Time Attack Demo
In today’s cloud-driven landscape, the security of cloud infrastructures is paramount. This presentation is a real-time demonstration of threat hunting in AWS CloudTrail logs using Microsoft Sentinel. The demo walks attendees through an attacker’s path: exploiting a misconfigured reverse-proxy server to query the EC2 instance metadata service (IMDS) and acquire the instance profile keys, then using those keys to discover, access, and exfiltrate sensitive data from an S3 bucket. Following this, the session demonstrates how to hunt effectively through AWS CloudTrail logs in Microsoft Sentinel. Using Kusto Query Language (KQL), attendees will learn how to develop detection rules and hunting queries that identify this kind of exploit and strengthen their cloud security posture.
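As an added illustration of the hunting step the abstract describes (this is example code written for this page, not a query from the talk or its speaker), the KQL below looks in Sentinel's AWSCloudTrail table for S3 API calls made with EC2 instance-profile credentials from a source IP that is not one of the account's own EC2 or NAT egress addresses. Credentials stolen through IMDS are used from the attacker's machine, so the session name in the assumed-role ARN still carries the victim instance ID while the source IP does not belong to that instance. The column names are the standard ones populated by the Sentinel AWS connector; the KnownEc2Egress list is a placeholder that has to be replaced with the environment's real egress IPs.

```kql
// Added hunting query for this page; not part of the original talk.
// Assumption: the Sentinel AWS connector fills AWSCloudTrail with the standard columns
// used here (EventSource, EventName, UserIdentityArn, SourceIpAddress,
// UserIdentityAccessKeyId, RequestParameters).
// Placeholder: the environment's own EC2/NAT public egress addresses (TEST-NET-3 values).
let KnownEc2Egress = dynamic(["203.0.113.10", "203.0.113.11"]);
let lookback = 24h;
AWSCloudTrail
| where TimeGenerated > ago(lookback)
| where EventSource == "s3.amazonaws.com"
| where EventName in ("ListBuckets", "ListObjects", "ListObjectsV2", "GetObject", "HeadObject")
// Instance-profile sessions are assumed-role sessions whose session name is the instance ID.
| where UserIdentityArn matches regex @":assumed-role/[^/]+/i-[0-9a-f]{8,17}$"
| extend RoleSessionInstance = extract(@"/(i-[0-9a-f]+)$", 1, UserIdentityArn)
// Keep only calls that carry a real client IP; AWS-internal callers are recorded as text.
| where SourceIpAddress matches regex @"^\d{1,3}(\.\d{1,3}){3}$"
| where SourceIpAddress !in (KnownEc2Egress)
// bucketName is present for bucket-level calls; ListBuckets has no bucket parameter.
| extend BucketName = tostring(parse_json(RequestParameters).bucketName)
| summarize FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated),
            Calls = count(),
            Actions = make_set(EventName),
            Buckets = make_set(BucketName),
            AccessKeys = make_set(UserIdentityAccessKeyId)
    by RoleSessionInstance, UserIdentityArn, SourceIpAddress
| order by Calls desc
```

Two points worth checking before relying on this in a production workspace: ListBuckets is a CloudTrail management event and is logged by default, but GetObject and HeadObject are S3 data events and only appear if data-event logging is enabled for the bucket or account; and the egress list should be generated from the account's actual Elastic IP and NAT gateway inventory rather than maintained by hand, otherwise legitimate instance traffic through an unlisted NAT will show up as a false positive. Once the query is tuned, the same logic can be scheduled as an analytics rule so each new (instance, source IP) pair raises an incident.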
Arijit Paul
Arijit Paul is a seasoned cybersecurity professional with extensive experience in cloud security, threat hunting and incident response. With a background in both offensive and defensive security, Arijit specializes in leveraging advanced tools and techniques to protect cloud environments. Currently, Arijit is focused on threat detection and response, helping organizations secure their cloud infrastructures.