ECS Forensics & Incident Response
•
0 likes•18 views
"ECS Forensics & Incident Response" will focus on the importance of implementing an effective incident response plan and the role of ECS (Elastic Container Service) in conducting forensic investigations. The presentation will begin by discussing the current threat landscape and the need for organizations to prepare for security incidents proactively. The speaker will then outline the various phases of incident response, including preparation, identification, containment, eradication, and recovery. The talk will also cover how ECS can be leveraged to perform forensics investigations during the identification phase, with a focus on the various tools and techniques that can be used to gather data and analyze events. The speaker will discuss the challenges associated with conducting forensic investigations in a containerized environment and provide best practices for overcoming these challenges. Finally, the presentation will highlight the importance of collaboration between security teams and other stakeholders within the organization, emphasizing the need for communication and coordination during an incident. Attendees will leave with a deeper understanding of how ECS can play a critical role in incident response and forensics investigations, and with practical tips for improving their organization's security posture.
Report
Share
Report
Share
Download to read offline
Recommended
EKS Forensics & Incident Response.pdf
"EKS Forensics & Incident Response" will explore the critical role of Elastic Kubernetes Service (EKS) in incident response and forensic investigations. The presentation will begin by discussing the current threat landscape and the need for organizations to have a well-defined incident response plan in place to mitigate risks effectively.
The speaker will then delve into the various phases of incident response, including preparation, identification, containment, eradication, and recovery. The focus will be on how EKS can be leveraged to perform forensics investigations during the identification phase, with an emphasis on the tools and techniques available for gathering data and analyzing events.
The talk will also cover the unique challenges associated with conducting forensic investigations in a containerized environment and the strategies for overcoming these challenges. Attendees will learn how EKS can facilitate forensic investigations in containerized environments by providing rich telemetry data, monitoring tools, and analysis capabilities.
Finally, the presentation will emphasize the importance of communication and collaboration between security teams and other stakeholders in the organization during an incident. Attendees will leave with a deeper understanding of how EKS can play a vital role in incident response and forensics investigations, and practical strategies for improving their organization's security posture.
Ultimate Guide to Incident Response in AWS.pdf
Investigating a security compromise in AWS can be a dizzying prospect.
There are (as of writing) over 200 services in AWS. To make matters worse,
different services log in different formats to different locations. Some will write
to CloudTrail, some to CloudWatch. Others display logs directly in a custom
console, or an S3 bucket.
Below, we’ve tried to cover the AWS services you are most likely to encounter
during security incidents in AWS. We’ve also included pointers on where to go
for more information on investigating and recovering from incidents in the
various services.
Deliver Docker Containers Continuously on AWS - QCon 2017
With Docker it became easy to start applications locally without installing any dependencies. Even running a local cluster is not a big thing anymore.
AWS on the other side offers with ECS a managed container service that starts to schedule containers based on resource needs, isolation policies, and availability requirements.
Sounds good, but is it really that easy? In this talk, you'll get an overview of ECS and all other services that are needed to run your containers in production. Philipp shows how an ECS cluster and your containerized applications can automatically be deployed and scaled. He also shares his experiences and discusses what features are still missing.
Securing Containerized Workloads on Amazon ECs
Originally created for the session titled "Securing Containerized Workloads on ECS" @ the August Monthly Meetup of AWS User Group - Colombo [31/08/2023]
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Alfonso described how Weave open source projects (Weave Net and Weave Scope) can help with networking, visualization, and control for ECS. Specifically, Weave acts as a key communicator for networking containers with its multi-host overlay and additional features (including automatic DNS service discovery and multicast).
StorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UK
StorageOS' Karolis Rusenas discusses why storage for containers shouldn't be annoying at Container Camp UK.
Docker clusters on AWS with Amazon ECS and Kubernetes
This document summarizes and compares Docker container management on AWS using Amazon ECS and Kubernetes. It provides an overview of ECS and ECR services, new features, customer case studies including Coursera and Segment, and resources for learning more. It also introduces Kubernetes as an open source container orchestrator, describes its architecture including pods, labels, replica sets, deployments and services. KOPS is presented as a tool for deploying and managing Kubernetes clusters on AWS. The Cloud Native Computing Foundation is discussed along with AWS' involvement to promote cloud native technologies.
Containers Meetup (AWS+CNCF) Milano Jan 15th 2020
Meetup organized by the AWS and CNCF folks to go through the latest container related announcements in AWS land
Recommended
EKS Forensics & Incident Response.pdf
"EKS Forensics & Incident Response" will explore the critical role of Elastic Kubernetes Service (EKS) in incident response and forensic investigations. The presentation will begin by discussing the current threat landscape and the need for organizations to have a well-defined incident response plan in place to mitigate risks effectively.
The speaker will then delve into the various phases of incident response, including preparation, identification, containment, eradication, and recovery. The focus will be on how EKS can be leveraged to perform forensics investigations during the identification phase, with an emphasis on the tools and techniques available for gathering data and analyzing events.
The talk will also cover the unique challenges associated with conducting forensic investigations in a containerized environment and the strategies for overcoming these challenges. Attendees will learn how EKS can facilitate forensic investigations in containerized environments by providing rich telemetry data, monitoring tools, and analysis capabilities.
Finally, the presentation will emphasize the importance of communication and collaboration between security teams and other stakeholders in the organization during an incident. Attendees will leave with a deeper understanding of how EKS can play a vital role in incident response and forensics investigations, and practical strategies for improving their organization's security posture.
Ultimate Guide to Incident Response in AWS.pdf
Investigating a security compromise in AWS can be a dizzying prospect.
There are (as of writing) over 200 services in AWS. To make matters worse,
different services log in different formats to different locations. Some will write
to CloudTrail, some to CloudWatch. Others display logs directly in a custom
console, or an S3 bucket.
Below, we’ve tried to cover the AWS services you are most likely to encounter
during security incidents in AWS. We’ve also included pointers on where to go
for more information on investigating and recovering from incidents in the
various services.
Deliver Docker Containers Continuously on AWS - QCon 2017
With Docker it became easy to start applications locally without installing any dependencies. Even running a local cluster is not a big thing anymore.
AWS on the other side offers with ECS a managed container service that starts to schedule containers based on resource needs, isolation policies, and availability requirements.
Sounds good, but is it really that easy? In this talk, you'll get an overview of ECS and all other services that are needed to run your containers in production. Philipp shows how an ECS cluster and your containerized applications can automatically be deployed and scaled. He also shares his experiences and discusses what features are still missing.
Securing Containerized Workloads on Amazon ECs
Originally created for the session titled "Securing Containerized Workloads on ECS" @ the August Monthly Meetup of AWS User Group - Colombo [31/08/2023]
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Alfonso described how Weave open source projects (Weave Net and Weave Scope) can help with networking, visualization, and control for ECS. Specifically, Weave acts as a key communicator for networking containers with its multi-host overlay and additional features (including automatic DNS service discovery and multicast).
StorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UK
StorageOS' Karolis Rusenas discusses why storage for containers shouldn't be annoying at Container Camp UK.
Docker clusters on AWS with Amazon ECS and Kubernetes
This document summarizes and compares Docker container management on AWS using Amazon ECS and Kubernetes. It provides an overview of ECS and ECR services, new features, customer case studies including Coursera and Segment, and resources for learning more. It also introduces Kubernetes as an open source container orchestrator, describes its architecture including pods, labels, replica sets, deployments and services. KOPS is presented as a tool for deploying and managing Kubernetes clusters on AWS. The Cloud Native Computing Foundation is discussed along with AWS' involvement to promote cloud native technologies.
Containers Meetup (AWS+CNCF) Milano Jan 15th 2020
Meetup organized by the AWS and CNCF folks to go through the latest container related announcements in AWS land
Securing Containerized Applications: A Primer
A talk given at Devoxx Morocco on Wednesday, November 13, 2019. In this talk a very insecure sample (demo) application is used to explain the various security principles application developers can apply when using containers and Kubernetes--from image sourcing, content, scanning to resource controls, attack surface mitigation, and reducing privilege for containers.
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Mit Docker ist es einfach geworden, Applikationen lokal zu starten, ohne zusätzliche Abhängigkeiten installieren zu müssen. Einen Cluster auf seinem eigenen Rechner laufen zu lassen ist kein großes Ding mehr. Mit ECS bietet AWS einen Container-Management-Service für die Cloud an, der verspricht, Container entsprechend ihrem Ressourcenbedarf und Verfügbarkeitserfordernissen automatisch im Cluster zu platzieren.
Aber was passiert dazwischen? Und ist es wirklich so einfach?
In diesem Talk werden wir betrachten, welche existierenden Services von AWS verwendet werden können, um Container automatisch zu deployen, und was zusätzlich alles benötigt wird, um sie im Betrieb laufen zu lassen.
A New Perspective on Resource-Level Cloud Forensics
AWS classifies cloud incidents across three domains: Service, Infrastructure and Application. There has been much previous discussion across the Service and Application domains, see for example the excellent SANS DFIR 2022 Keynote. This talk will focus on the unique challenges and opportunities of responding to incidents in the Infrastructure domain. Cloud Service Providers, such as AWS, GCP and Azure, often introduce artifacts of forensic value when developing features for automation and monitoring of resources. Typically, these artifacts are undocumented and exist purely for the provider's own troubleshooting, but they also provide valuable insight to an investigator analyzing malicious activity on a system. Frequently, this insight surpasses that of “provider-supported” forensic data sources. Most of the discourse around performing forensics in the cloud focuses on provider-level logging. While this is undoubtedly useful, practitioners understand that resource-level forensic analysis is crucial when responding to incidents affecting cloud infrastructure. And much of this knowledge remains opaque and undocumented. In this presentation, Chris Doman, CTO of Cado Security will present novel research of undocumented forensic artifacts from cloud service provider specific operating systems and tools. He will provide the audience with an overview of forensic techniques across cloud compute and serverless environments. He will also discuss native operating system artifacts, contrast them with their cloud equivalents and consider their usefulness in the context of the cloud. Attendees can expect to gain a unique perspective on resource-level cloud forensics and should leave the talk with a host of new data sources and knowledge for performing forensic analysis of cloud resources.
Machine learning at scale with aws sage maker
The document discusses machine learning at scale using serverless architectures on AWS, including a reference architecture using Amazon SageMaker, AWS Lambda, and other services, and details of experiments conducted to test performance, scalability, and operational aspects of deploying machine learning models with a serverless approach. It also covers monitoring metrics, deployment strategies, and using AWS services like X-Ray, CloudWatch, and CodePipeline to enable continuous deployment of machine learning models.
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
With Docker it became easy to start applications locally without installing any dependencies. Even running a local cluster is not a big thing anymore. AWS on the other side offers with ECS a managed container service that states to schedule containers based on resource needs, isolation policies and availability requirements. But what happens between? Is it really that easy? In this talk you’ll see which existing services can already be used to deploy your containers automatically and what still needs to be done to get them running on AWS.
Amazon EC2 - Masterclass - Pop-up Loft Tel Aviv
The document provides an overview of Amazon EC2, including:
1. It discusses Amazon EC2 concepts such as regions, availability zones, and instance types.
2. It covers data storage options for EC2 including instance store, EBS volumes, snapshots, and encryption.
3. It discusses EC2 networking components like VPC, subnets, security groups, load balancers and peering.
4. It provides an introduction to monitoring EC2 with CloudWatch, including metrics, logs and alarms.
5. It touches on security and access control using IAM roles and key pairs.
6. It outlines different deployment strategies like baking AMIs, configuring dynamically, and using auto scaling
Phil Basford - machine learning at scale with aws sage maker
The document discusses a machine learning endpoint architecture experiment conducted using Amazon SageMaker. Key aspects covered include:
- The reference architecture used Amazon SageMaker endpoints running Docker containers with inference engines like XGBoost and TensorFlow.
- An experiment tested endpoint scaling and performance under load using Artillery. It found endpoints automatically scaled to two instances and each could handle high request volumes, but starting a new instance took 7 minutes.
- Analysis of CloudWatch logs determined that instances handled load evenly and autoscaled as needed when an instance terminated.
Max Körbächer - AWS EKS and beyond master your Kubernetes deployment on AWS -...
Kubernetes (K8s) is on everyone’s lips, but it is easy to experience pitfalls during the development of a K8s cluster. In this talk we will give you an introduction of AWS EKS (Elastic Container Service for Kubernetes), the managed service for deploying and operate Kubernetes on AWS resources, and how you can reach a production readiness. This seamless integration of K8s into the AWS environment allows you a rapid application development assuming architectural concepts of microservice and serverless architecture.
Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...
Kubernetes (K8s) is on everyone’s lips, but it is easy to experience pitfalls during the development of a K8s cluster. In this talk we will give you an introduction of AWS EKS (Elastic Container Service for Kubernetes), the managed service for deploying and operate Kubernetes on AWS resources, and how you can reach a production readiness. This seamless integration of K8s into the AWS environment allows you a rapid application development assuming architectural concepts of microservice and serverless architecture.
AWS Atlanta meetup Build Tools - Code Commit, Code Build, Code Deploy
These are the slides from the May 19 meetup presentation for the AWS Atlanta Meetup group covering the AWS Coding and Build tools provided by AWS.
How to implement DevSecOps on AWS for startups
This document discusses how to implement DevSecOps on AWS for startups. It covers:
- Key principles of DevSecOps like everyone being responsible for security and shifting security left
- The tools and services used in their pipeline including Packer, Terraform, Ansible, SonarQube, AWS Inspector, GuardDuty, and WAF
- How they established policies, used a multi-account approach, implemented access management, and focused on security culture and monitoring
- Their plans to further improve using AWS Config, perform penetration testing, and meet standards like OWASP and PCI DSS
Developer Experience at the Guardian, Equal Experts Sept 2021
The Guardian Developer Experience team’s mission statement is to “Enable teams to focus on delivering value at lightning speed by streamlining infrastructure management”.
In this session, the Guardian will describe how we’re working to fulfil our mission; we’ll give a brief history and a glimpse into the future.
AWS Summit Nordics - Getting Started With AWS
Getting Started with AWS provides an overview of key AWS services for getting started, including:
1) Setting up an AWS account and creating IAM users for access management.
2) Generating a key pair for logging into EC2 instances securely.
3) Launching an EC2 instance, installing software, and making it publicly accessible via a security group.
4) Creating an AMI from the instance for reusable deployments.
5) Next steps like using ELB, Auto Scaling, and RDS.
Building Open Source Platforms on AWS (April 2017)
The document provides an overview of building open source platforms on AWS. It discusses using AWS services like EC2, RDS, ElastiCache, and S3 to run popular open source software like Linux, Docker, databases, analytics tools, and development frameworks. It provides links to AWS documentation and quick start guides on deploying solutions like Elasticsearch, Kafka, and Hadoop on AWS infrastructure.
Artem Zhurbila - docker clusters (solit 2015)
About docker cluster management tools
1. Base concepts of cluster
management and docker
2. Docker Swarm
3. Amazon EC2 Container Service
4. Kubernetes
5. Mesosphere
A 60-minute tour of AWS Compute (November 2016)
This document summarizes a 60-minute tour of AWS compute services, including Amazon EC2, Elastic Beanstalk, EC2 Container Service, and AWS Lambda. It provides an overview of each service, including its core capabilities and use cases. Examples and demos are shown for Elastic Beanstalk, EC2 Container Service, and AWS Lambda. Additional resources are referenced for going deeper with ECS and Lambda.
Lines of Defense - Securing your Kubernetes Clusters by Koray Oksay
Session at ContainerDay Security 2023 on the 8th of March in Hamburg.
Kubernetes has become the de facto standard for container orchestration, and it is being widely adopted by organizations of all sizes. However, as with any complex system, there are a number of security challenges that need to be addressed in order to properly secure a Kubernetes deployment.
In his talk, Koray will first show you some security problem areas in Kubernetes and then give an overview of various security tools such as image screening and auditing. You will learn how to run Kubernetes clusters securely and how to proactively counteract security challenges.
February 2016 Webinar Series - EC2 Container Service Deep Dive
This document provides an overview of Amazon EC2 Container Service (ECS) including benefits of containers and ECS, ECS clusters, tasks, services, monitoring, logging, auto-scaling, provisioning with CloudFormation, container image management with ECR, and example solutions built on ECS like Elastic Beanstalk and Convox. Key aspects covered include using ECS clusters to dynamically run and scale containerized applications, defining reusable tasks and long-running services, integrating with other AWS services for monitoring, auto-scaling and service discovery, and deploying containerized applications on ECS.
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
Containers have had an incredibly large adoption rate since Docker was launched, especially from the developer community, as it provides an easy way to package, ship, and run applications. Securing your container-based application is now becoming a critical issue as applications move from development into production. In this session, you learn ways to implement storing secrets, distributing AWS privileges using IAM roles, protecting your container-based applications with vulnerability scans of container images, and incorporating automated checks into your continuous delivery workflow.
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
This document discusses securing container-based applications. It covers container and OS security best practices like using Linux namespaces and cgroups for isolation, reducing the container attack surface, and hardening container images. It also discusses securing the container lifecycle through vulnerability scanning, configuration governance with Amazon ECS, and using secrets management. Finally, it shows how to automate security deployments through the CI/CD pipeline and tools like CloudFormation and CodeDeploy.
Five Reasons Why You Need Cloud Investigation & Response Automation
With more than 60% of corporate data currently stored in the cloud, cloud computing has influenced a true renaissance in how we manage and deliver applications and services. The appeal of migrating to the cloud is clear – greater speed, agility, flexibility, cost savings, and more. However, digital transformation also poses new security challenges -- especially when it comes to forensics and incident response.
This white paper covers five reasons why you need Cloud Investigation and Response Automation to ensure your organization is equipped to efficiently understand and respond to cloud threats.
Developers are there, attackers are there, you need to be there too!
Cloud experts are hard to find
Risk escalates at cloud speed
Multi-cloud is on the rise
Ephemeral means data
disappears in the blink of an eye
Azure Incident Response Cheat Sheet.pdf
This document provides an overview of tools and best practices for incident response in an Azure environment. It summarizes key Azure Active Directory commands for identifying and deactivating compromised user accounts. It also outlines how to identify legacy authentication methods, applications using AD authentication, and snapshots that can be used for forensics. Additional sections cover extracting logs from Azure, restricting administrative access, requiring multi-factor authentication, and enabling logging.
More Related Content
Similar to ECS Forensics & Incident Response
Securing Containerized Applications: A Primer
A talk given at Devoxx Morocco on Wednesday, November 13, 2019. In this talk a very insecure sample (demo) application is used to explain the various security principles application developers can apply when using containers and Kubernetes--from image sourcing, content, scanning to resource controls, attack surface mitigation, and reducing privilege for containers.
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Mit Docker ist es einfach geworden, Applikationen lokal zu starten, ohne zusätzliche Abhängigkeiten installieren zu müssen. Einen Cluster auf seinem eigenen Rechner laufen zu lassen ist kein großes Ding mehr. Mit ECS bietet AWS einen Container-Management-Service für die Cloud an, der verspricht, Container entsprechend ihrem Ressourcenbedarf und Verfügbarkeitserfordernissen automatisch im Cluster zu platzieren.
Aber was passiert dazwischen? Und ist es wirklich so einfach?
In diesem Talk werden wir betrachten, welche existierenden Services von AWS verwendet werden können, um Container automatisch zu deployen, und was zusätzlich alles benötigt wird, um sie im Betrieb laufen zu lassen.
A New Perspective on Resource-Level Cloud Forensics
AWS classifies cloud incidents across three domains: Service, Infrastructure and Application. There has been much previous discussion across the Service and Application domains, see for example the excellent SANS DFIR 2022 Keynote. This talk will focus on the unique challenges and opportunities of responding to incidents in the Infrastructure domain. Cloud Service Providers, such as AWS, GCP and Azure, often introduce artifacts of forensic value when developing features for automation and monitoring of resources. Typically, these artifacts are undocumented and exist purely for the provider's own troubleshooting, but they also provide valuable insight to an investigator analyzing malicious activity on a system. Frequently, this insight surpasses that of “provider-supported” forensic data sources. Most of the discourse around performing forensics in the cloud focuses on provider-level logging. While this is undoubtedly useful, practitioners understand that resource-level forensic analysis is crucial when responding to incidents affecting cloud infrastructure. And much of this knowledge remains opaque and undocumented. In this presentation, Chris Doman, CTO of Cado Security will present novel research of undocumented forensic artifacts from cloud service provider specific operating systems and tools. He will provide the audience with an overview of forensic techniques across cloud compute and serverless environments. He will also discuss native operating system artifacts, contrast them with their cloud equivalents and consider their usefulness in the context of the cloud. Attendees can expect to gain a unique perspective on resource-level cloud forensics and should leave the talk with a host of new data sources and knowledge for performing forensic analysis of cloud resources.
Machine learning at scale with aws sage maker
The document discusses machine learning at scale using serverless architectures on AWS, including a reference architecture using Amazon SageMaker, AWS Lambda, and other services, and details of experiments conducted to test performance, scalability, and operational aspects of deploying machine learning models with a serverless approach. It also covers monitoring metrics, deployment strategies, and using AWS services like X-Ray, CloudWatch, and CodePipeline to enable continuous deployment of machine learning models.
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
With Docker it became easy to start applications locally without installing any dependencies. Even running a local cluster is not a big thing anymore. AWS on the other side offers with ECS a managed container service that states to schedule containers based on resource needs, isolation policies and availability requirements. But what happens between? Is it really that easy? In this talk you’ll see which existing services can already be used to deploy your containers automatically and what still needs to be done to get them running on AWS.
Amazon EC2 - Masterclass - Pop-up Loft Tel Aviv
The document provides an overview of Amazon EC2, including:
1. It discusses Amazon EC2 concepts such as regions, availability zones, and instance types.
2. It covers data storage options for EC2 including instance store, EBS volumes, snapshots, and encryption.
3. It discusses EC2 networking components like VPC, subnets, security groups, load balancers and peering.
4. It provides an introduction to monitoring EC2 with CloudWatch, including metrics, logs and alarms.
5. It touches on security and access control using IAM roles and key pairs.
6. It outlines different deployment strategies like baking AMIs, configuring dynamically, and using auto scaling
Phil Basford - machine learning at scale with aws sage maker
The document discusses a machine learning endpoint architecture experiment conducted using Amazon SageMaker. Key aspects covered include:
- The reference architecture used Amazon SageMaker endpoints running Docker containers with inference engines like XGBoost and TensorFlow.
- An experiment tested endpoint scaling and performance under load using Artillery. It found endpoints automatically scaled to two instances and each could handle high request volumes, but starting a new instance took 7 minutes.
- Analysis of CloudWatch logs determined that instances handled load evenly and autoscaled as needed when an instance terminated.
Max Körbächer - AWS EKS and beyond master your Kubernetes deployment on AWS -...
Kubernetes (K8s) is on everyone’s lips, but it is easy to experience pitfalls during the development of a K8s cluster. In this talk we will give you an introduction of AWS EKS (Elastic Container Service for Kubernetes), the managed service for deploying and operate Kubernetes on AWS resources, and how you can reach a production readiness. This seamless integration of K8s into the AWS environment allows you a rapid application development assuming architectural concepts of microservice and serverless architecture.
Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...
Kubernetes (K8s) is on everyone’s lips, but it is easy to experience pitfalls during the development of a K8s cluster. In this talk we will give you an introduction of AWS EKS (Elastic Container Service for Kubernetes), the managed service for deploying and operate Kubernetes on AWS resources, and how you can reach a production readiness. This seamless integration of K8s into the AWS environment allows you a rapid application development assuming architectural concepts of microservice and serverless architecture.
AWS Atlanta meetup Build Tools - Code Commit, Code Build, Code Deploy
These are the slides from the May 19 meetup presentation for the AWS Atlanta Meetup group covering the AWS Coding and Build tools provided by AWS.
How to implement DevSecOps on AWS for startups
This document discusses how to implement DevSecOps on AWS for startups. It covers:
- Key principles of DevSecOps like everyone being responsible for security and shifting security left
- The tools and services used in their pipeline including Packer, Terraform, Ansible, SonarQube, AWS Inspector, GuardDuty, and WAF
- How they established policies, used a multi-account approach, implemented access management, and focused on security culture and monitoring
- Their plans to further improve using AWS Config, perform penetration testing, and meet standards like OWASP and PCI DSS
Developer Experience at the Guardian, Equal Experts Sept 2021
The Guardian Developer Experience team’s mission statement is to “Enable teams to focus on delivering value at lightning speed by streamlining infrastructure management”.
In this session, the Guardian will describe how we’re working to fulfil our mission; we’ll give a brief history and a glimpse into the future.
AWS Summit Nordics - Getting Started With AWS
Getting Started with AWS provides an overview of key AWS services for getting started, including:
1) Setting up an AWS account and creating IAM users for access management.
2) Generating a key pair for logging into EC2 instances securely.
3) Launching an EC2 instance, installing software, and making it publicly accessible via a security group.
4) Creating an AMI from the instance for reusable deployments.
5) Next steps like using ELB, Auto Scaling, and RDS.
Building Open Source Platforms on AWS (April 2017)
The document provides an overview of building open source platforms on AWS. It discusses using AWS services like EC2, RDS, ElastiCache, and S3 to run popular open source software like Linux, Docker, databases, analytics tools, and development frameworks. It provides links to AWS documentation and quick start guides on deploying solutions like Elasticsearch, Kafka, and Hadoop on AWS infrastructure.
Artem Zhurbila - docker clusters (solit 2015)
About docker cluster management tools
1. Base concepts of cluster
management and docker
2. Docker Swarm
3. Amazon EC2 Container Service
4. Kubernetes
5. Mesosphere
A 60-minute tour of AWS Compute (November 2016)
This document summarizes a 60-minute tour of AWS compute services, including Amazon EC2, Elastic Beanstalk, EC2 Container Service, and AWS Lambda. It provides an overview of each service, including its core capabilities and use cases. Examples and demos are shown for Elastic Beanstalk, EC2 Container Service, and AWS Lambda. Additional resources are referenced for going deeper with ECS and Lambda.
Lines of Defense - Securing your Kubernetes Clusters by Koray Oksay
Session at ContainerDay Security 2023 on the 8th of March in Hamburg.
Kubernetes has become the de facto standard for container orchestration, and it is being widely adopted by organizations of all sizes. However, as with any complex system, there are a number of security challenges that need to be addressed in order to properly secure a Kubernetes deployment.
In his talk, Koray will first show you some security problem areas in Kubernetes and then give an overview of various security tools such as image screening and auditing. You will learn how to run Kubernetes clusters securely and how to proactively counteract security challenges.
February 2016 Webinar Series - EC2 Container Service Deep Dive
This document provides an overview of Amazon EC2 Container Service (ECS) including benefits of containers and ECS, ECS clusters, tasks, services, monitoring, logging, auto-scaling, provisioning with CloudFormation, container image management with ECR, and example solutions built on ECS like Elastic Beanstalk and Convox. Key aspects covered include using ECS clusters to dynamically run and scale containerized applications, defining reusable tasks and long-running services, integrating with other AWS services for monitoring, auto-scaling and service discovery, and deploying containerized applications on ECS.
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
Containers have had an incredibly large adoption rate since Docker was launched, especially from the developer community, as it provides an easy way to package, ship, and run applications. Securing your container-based application is now becoming a critical issue as applications move from development into production. In this session, you learn ways to implement storing secrets, distributing AWS privileges using IAM roles, protecting your container-based applications with vulnerability scans of container images, and incorporating automated checks into your continuous delivery workflow.
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
This document discusses securing container-based applications. It covers container and OS security best practices like using Linux namespaces and cgroups for isolation, reducing the container attack surface, and hardening container images. It also discusses securing the container lifecycle through vulnerability scanning, configuration governance with Amazon ECS, and using secrets management. Finally, it shows how to automate security deployments through the CI/CD pipeline and tools like CloudFormation and CodeDeploy.
Similar to ECS Forensics & Incident Response (20)
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
A New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud Forensics
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Phil Basford - machine learning at scale with aws sage maker
Phil Basford - machine learning at scale with aws sage maker
Max Körbächer - AWS EKS and beyond master your Kubernetes deployment on AWS -...
Max Körbächer - AWS EKS and beyond master your Kubernetes deployment on AWS -...
Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...
Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...
AWS Atlanta meetup Build Tools - Code Commit, Code Build, Code Deploy
AWS Atlanta meetup Build Tools - Code Commit, Code Build, Code Deploy
Developer Experience at the Guardian, Equal Experts Sept 2021
Developer Experience at the Guardian, Equal Experts Sept 2021
Building Open Source Platforms on AWS (April 2017)
Building Open Source Platforms on AWS (April 2017)
Lines of Defense - Securing your Kubernetes Clusters by Koray Oksay
Lines of Defense - Securing your Kubernetes Clusters by Koray Oksay
February 2016 Webinar Series - EC2 Container Service Deep Dive
February 2016 Webinar Series - EC2 Container Service Deep Dive
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
More from Christopher Doman
Five Reasons Why You Need Cloud Investigation & Response Automation
With more than 60% of corporate data currently stored in the cloud, cloud computing has influenced a true renaissance in how we manage and deliver applications and services. The appeal of migrating to the cloud is clear – greater speed, agility, flexibility, cost savings, and more. However, digital transformation also poses new security challenges -- especially when it comes to forensics and incident response.
This white paper covers five reasons why you need Cloud Investigation and Response Automation to ensure your organization is equipped to efficiently understand and respond to cloud threats.
Developers are there, attackers are there, you need to be there too!
Cloud experts are hard to find
Risk escalates at cloud speed
Multi-cloud is on the rise
Ephemeral means data
disappears in the blink of an eye
Azure Incident Response Cheat Sheet.pdf
This document provides an overview of tools and best practices for incident response in an Azure environment. It summarizes key Azure Active Directory commands for identifying and deactivating compromised user accounts. It also outlines how to identify legacy authentication methods, applications using AD authentication, and snapshots that can be used for forensics. Additional sections cover extracting logs from Azure, restricting administrative access, requiring multi-factor authentication, and enabling logging.
AWS Incident Response Cheat Sheet.pdf
With the rapid migration to the cloud,
it’s becoming increasingly difficult to keep track
of all of the different data sources, commands,
and tools available from each Cloud Service
Provider (CSP). This cheat sheet was designed
to provide security professionals with an overview
of key best practices, data sources and tools that
they can have at their disposal when responding
to an incident in an AWS environment.
Cloud Forensics Tools
This document lists several cloud forensics tools including Cloud Forensics Utils from Google which is an open source toolkit for analyzing cloud services, Prowler which is an open source tool for security assessment of AWS environments, varc which is a tool from Cado Security for analyzing AWS VPC flow logs, and ThreatResponse which is a cloud-based platform for investigating security incidents and automating response. It also mentions Cado Response which is a commercial platform from Cado Security and an automated forensics orchestrator for Amazon EC2 from AWS.
Cloud Forensics and Incident Response Training.pdf
The document provides an overview of a free training program from Cado Security that covers cloud forensics and incident response fundamentals for AWS, Azure, and GCP, including topics such as digital forensics principles, investigative models, incident response planning, gathering an incident response team, running investigations, and containment and remediation. It also promotes Cado Security's incident response platform for investigating incidents at cloud speed.
AWS Guard Duty Forensics & Incident Response.pdf
"AWS Guard Duty Forensics & Incident Response" provides an overview of the AWS Guard Duty service and its forensic capabilities. AWS Guard Duty is a managed threat detection service that continuously monitors the AWS environment for potential malicious activity. The talk focuses on how Guard Duty can be used for incident response by providing detailed forensic data that can be used to investigate security incidents.
AWS IAM Forensics & Incident Response
In today's cloud-based infrastructure, AWS IAM (Identity and Access Management) is one of the most critical components for ensuring security. However, despite the many safeguards in place, IAM-related incidents can occur, ranging from simple misconfigurations to full-blown attacks. In this talk, we will discuss how to perform forensics and incident response for AWS IAM. We will cover the tools and techniques necessary to investigate and identify root causes of IAM incidents. We will also discuss how to mitigate and remediate incidents, as well as how to implement proactive measures to prevent future incidents. By the end of this talk, attendees will have a better understanding of how to effectively handle AWS IAM-related incidents and ensure the security of their AWS environments.
AWS Forensics & Incident Response
Participants will learn how to:
Understand AWS security features and best practices
Conduct forensics investigations in AWS environments
Identify and collect relevant data for investigations
Analyze AWS logs to identify indicators of compromise
Respond to security incidents in AWS
Lambda Forensics & Incident Response.pdf
This talk will focus on the use of AWS Lambda for incident response and forensics. AWS Lambda is a serverless computing service that allows developers to run code without the need for traditional infrastructure. However, this serverless approach can make it challenging to conduct investigations and respond to incidents. In this talk, we will discuss the tools and techniques available for collecting and analyzing data in Lambda environments. We will also cover how to use AWS CloudTrail and AWS Config for real-time threat detection and response. Additionally, we will discuss best practices for securing Lambda functions and preventing incidents from occurring in the first place. Attendees will come away with a solid understanding of how to use Lambda for incident response and forensics and be better equipped to handle security incidents in serverless environments.
Case Studies Denonia - Lambda DFIR.pdf
This talk covers an example of DFIR / responding to an attack in AWS Lambda. It focuses on the malware Denonia.
Cloud Security Fundamentals for Forensics and Incident Response.pdf
As organizations continue to adopt cloud-based infrastructures, the need for effective cloud security measures has become increasingly important. In this talk, we will discuss the fundamentals of cloud security as it pertains to forensics and incident response. We will cover topics such as cloud service models, shared responsibility models, and the various security controls available within cloud environments. We will also discuss common cloud security incidents and how to perform effective incident response and forensics in the cloud. Attendees will leave with a better understanding of how to secure their cloud environments and effectively respond to incidents when they occur.
AWS Detective Forensics & Incident Response.pdf
The AWS Detective Forensics & Incident Response talk will focus on the benefits of using AWS Detective for forensic analysis and incident response. The talk will provide an overview of AWS Detective and its capabilities, including how it can help investigate security incidents and provide visual representations of the investigation results. The talk will also cover key considerations and best practices for implementing effective incident response processes using AWS Detective, such as setting up AWS Detective and integrating it with other AWS services. Additionally, the talk will delve into the importance of forensic analysis in identifying the root cause of security incidents and how AWS Detective can help perform effective forensic investigations. The talk will also include examples of how AWS Detective has been used to detect and remediate security incidents in real-world scenarios, and best practices for using AWS Detective to improve overall security posture.
Google Cloud Forensics & Incident Response
Google Cloud Platform (GCP) provides a variety of services that enable businesses to manage their computing resources in the cloud. However, as with any cloud platform, incidents and cyberattacks can occur, which can compromise the security and privacy of data.
In this talk, we will discuss the process of conducting forensics and incident response investigations on the GCP. We will begin by providing an overview of the GCP security model and the tools available for monitoring and managing security incidents.
We will then dive into the different types of incidents that can occur on the GCP, such as data breaches, unauthorized access, and malware infections. We will cover how to identify these incidents and gather the necessary information for forensic investigation.
Next, we will discuss the forensic investigation process for the GCP. We will cover topics such as evidence collection and preservation, analysis of logs and network traffic, and identification of the root cause of the incident.
Finally, we will discuss best practices for incident response on the GCP, including how to contain and mitigate the impact of an incident, and how to communicate the incident to stakeholders.
GKE Forensics & Incident Response.pdf
This document discusses Google Kubernetes Engine (GKE) forensics and incident response. It provides a link to the GKE documentation on cluster architecture and mentions Cado Security's incident response platform, which offers a free 14-day trial to access unlimited use of their response tools.
AWS SSM Forensics and Incident Response
The document discusses AWS SSM forensics and incident response. It provides three links about AWS SSM logging - one detailing what logging is available in the AWS SSM console, another describing what SSM logs are stored on disk, and a third promoting a 14-day free trial of the Cado Response Platform for incident investigation.
Kubernetes Docker Forensics & Incident Response.pdf
The talk "Kubernetes and Docker Forensics & Incident Response" will focus on the Digital Forensics and Incident Response (DFIR) investigation of containerized environments using Kubernetes and Docker. With the increasing adoption of containerization technologies, it is crucial for organizations to have a robust security strategy in place to handle security incidents.
This talk will cover the key concepts of containerization technologies such as Docker and Kubernetes, and their security implications. We will discuss the forensic techniques and methodologies that can be used to identify the root cause of security incidents in these environments, including container forensics, network traffic analysis, and memory forensics.
The talk will also provide insights into the challenges and limitations of conducting a DFIR investigation in a containerized environment, such as the ephemeral nature of containers and the need for specialized tooling.
Attendees will learn about the best practices for implementing logging and monitoring in Docker and Kubernetes environments, as well as the importance of having a well-defined incident response plan for containerized environments.
Overall, this talk will provide valuable insights into the DFIR investigation of containerized environments using Kubernetes and Docker, and how organizations can better prepare themselves to respond to security incidents in these environments.
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
The talk "Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR" goes into the incident response investigation into a container cryptomining worm attack perpetrated by the hacking group TeamTNT. The presentation will focus on the use of AWS and container technology in the attack and how these tools were leveraged in the investigation. Attendees will learn about the tools and techniques used to identify and contain the attack, as well as lessons learned from the incident response. The presentation will cover the importance of monitoring container environments for security threats and implementing best practices for AWS security. Additionally the talk will highlight the use of machine learning and automation in the incident response process. By the end of the presentation, attendees will gain a better understanding of the challenges and opportunities of conducting DFIR investigations in cloud environments and with container technology.
EC2 Forensics & Incident Response.pdf
"EC2 Forensics & Incident Response" will focus on the crucial role of Elastic Compute Cloud (EC2) in incident response and forensics investigations. The presentation will begin by discussing the current threat landscape and the need for organizations to have a robust incident response plan in place to effectively mitigate security risks.
The speaker will then outline the various phases of incident response, including preparation, identification, containment, eradication, and recovery. The talk will emphasize how EC2 can be leveraged to perform forensics investigations during the identification phase, with a focus on the tools and techniques available for collecting data and analyzing events.
The presentation will also cover the unique challenges associated with conducting forensic investigations in the EC2 environment and the strategies for overcoming these challenges. Attendees will learn how to use EC2 monitoring and analysis tools to collect and preserve evidence during investigations.
Azure Forensics & Incident Response
This talk will focus on the use of Microsoft Azure for incident response and forensics. As more organizations move their infrastructure to the cloud, it is important to understand how to effectively respond to security incidents in these environments. We will discuss the tools and techniques available in Azure for collecting and analyzing data during an incident response. We will also cover how to use Azure Security Center and Azure Sentinel for real-time threat detection and response. Additionally, we will cover best practices for securing Azure resources and preventing incidents from occurring in the first place. Attendees will come away with a solid understanding of how to use Azure for incident response and forensics and be better equipped to handle security incidents in the cloud.
Azure Kubernetes Service (AKS) Forensics & Incident Response
"Azure Kubernetes Service (AKS) Forensics & Incident Response" will cover the various aspects of Kubernetes security, the different types of attacks that can occur, and how to conduct a forensics investigation and respond to incidents on Azure Kubernetes Service (AKS). The talk will discuss the best practices for securing AKS, including how to configure network policies, manage access control, and monitor logs for suspicious activity. It will also cover the tools and techniques that can be used for incident response, such as identifying the root cause of an incident, isolating affected nodes, and collecting evidence for forensic analysis. The audience will gain a deeper understanding of Kubernetes security, how to secure AKS, and how to effectively respond to incidents in the event of a security breach.
More from Christopher Doman (20)
Five Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response Automation
Cloud Forensics and Incident Response Training.pdf
Cloud Forensics and Incident Response Training.pdf
Cloud Security Fundamentals for Forensics and Incident Response.pdf
Cloud Security Fundamentals for Forensics and Incident Response.pdf
Kubernetes Docker Forensics & Incident Response.pdf
Kubernetes Docker Forensics & Incident Response.pdf
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
Azure Kubernetes Service (AKS) Forensics & Incident Response
Azure Kubernetes Service (AKS) Forensics & Incident Response
Recently uploaded
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications.
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
UiPath Test Automation using UiPath Test Suite series, part 5
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Pushing the limits of ePRTC: 100ns holdover for 100 days
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
“I’m still / I’m still / Chaining from the Block”
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Recently uploaded (20)
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
ECS Forensics & Incident Response
- 1. ECS Forensics & Incident Response Cado Security | 1
- 3. How does GuardDuty work with ECS? https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html
- 4. CloudTrail Logs ● Shows: API Level Calls ● Usefulness: Low ● Collected by: S3 Amazon S3 Container Investigation Data Sources in AWS EKS Audit / Control Plane Logs ● Shows: API Level Calls ● Usefulness: Medium ● Collected by: S3 Amazon EC2 - Hosting EKS/ECS Inside Container - EKS/ECS on Fargate/EC2 Docker Logs ● Logs what containers were started, stopped ● Usefulness: Medium ● Collected by: EC2 Import or Cado Host Docker Container Filesystems ● Normally overlay2 versioned filesystem ● Contains all the files from all the containers ● Usefulness: High ● Collected by: EC2 EBS (API) or Cado Host (SSM/SSH) Container Filesystems ● Live filesystem as seen by the container, Memory ● Contains all the files from all the containers ● Usefulness: Very High ● Collected by: Cado Host (ECS Exec/kubectl exec))
- 5. How do you Investigate an ECS Container in Cado? https://docs.cadosecurity.com/cado-response/discovery-import/import/aws/aws-ecs
- 6. How do you Remediate a compromised ECS Cluster? https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_remediate.html#compromised-ecs
- 7. Cado Response Free 14-day trial Receive unlimited access to the Cado Response Platform for 14 days. www.cadosecurity.com/free-investigation/