Introduction
Breach in the Cloud

Hunt the hunter with AWS CloudTrail logs!

30 Minute Playing time
Beginner Friendly
Tags: aws, blue team

Overview

Welcome! We hope that this introductory lab will be enjoyed by red and blue alike. Purple-teaming FTW! It showcases using AWS CloudTrail logs to detect malicious activity, as well as S3 enumeration.

Scenario

We've been alerted to a potential security incident. The Huge Logistics security team has provided you with the AWS access keys of an account that saw unusual activity, as well as the AWS CloudTrail logs from around the time of that activity. We need your expertise to confirm the breach by analyzing the CloudTrail logs, identifying the compromised AWS service and any data that was exfiltrated.

Lab prerequisites
  • Basic Linux command line knowledge
Learning outcomes
  • Prettifying JSON files for easier analysis
  • Familiarity with the AWS CLI
  • Familiarity with analyzing CloudTrail logs
  • Enumerating S3 buckets
  • Simulating an attacker to validate the path to breach
Real-world context

Analyzing AWS CloudTrail logs is a standard practice for detecting suspicious activity within an AWS account, while S3 buckets are frequently targeted by attackers due to the valuable data they can contain.
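The kind of first-pass triage the overview and learning outcomes describe (prettify the log, group activity by identity, flag reconnaissance and S3 reads from an unknown IP, list the objects that were read) can be done with a short script. The following is an added example for this page, not the lab's own solution: the log records are constructed in CloudTrail's native `{"Records": [...]}` layout, and every account ID, access key ID, IP address, user name and bucket name in them is a placeholder, as is the "trusted IP" set the flagging function takes.

```python
"""Triage a CloudTrail log file: prettify, summarise per identity, flag S3 reads.

Added example for this lab, not the lab's own code. The sample records below
are constructed; the key ID, IPs, user names and bucket are placeholders.
"""
import json
import sys
from collections import Counter, defaultdict

# Management events commonly seen when a stolen key is being "validated".
RECON_EVENTS = {"GetCallerIdentity", "GetUser", "ListAttachedUserPolicies",
                "ListUserPolicies", "ListRoles"}
# S3 calls that enumerate or read data. Note that GetObject is a *data* event:
# CloudTrail only records it if S3 data-event logging is enabled for the trail.
S3_READ_EVENTS = {"ListBuckets", "ListObjects", "ListObjectsV2", "GetBucketAcl",
                  "GetBucketPolicy", "GetObject"}


def _rec(time, source, name, ip, identity, **extra):
    """Build one constructed CloudTrail record with the fields triage relies on."""
    rec = {"eventVersion": "1.08", "eventTime": time, "eventSource": source,
           "eventName": name, "sourceIPAddress": ip, "userAgent": "aws-cli/2.11.0",
           "userIdentity": identity}
    rec.update(extra)
    return rec


ATTACKER = {"type": "IAMUser", "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
            "userName": "ext-contractor"}  # placeholder key ID and user
ADMIN = {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE0000ADMIN",
         "arn": "arn:aws:sts::123456789012:assumed-role/OpsAdmin/alice"}

# Constructed sample log: a key is validated, a denied IAM lookup, then S3 access.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2023-06-01T09:12:44Z", "sts.amazonaws.com", "GetCallerIdentity",
         "203.0.113.45", ATTACKER),
    _rec("2023-06-01T09:13:02Z", "iam.amazonaws.com", "ListAttachedUserPolicies",
         "203.0.113.45", ATTACKER, errorCode="AccessDenied",
         errorMessage="User is not authorized to perform iam:ListAttachedUserPolicies"),
    _rec("2023-06-01T09:13:40Z", "s3.amazonaws.com", "ListBuckets",
         "203.0.113.45", ATTACKER),
    _rec("2023-06-01T09:14:05Z", "s3.amazonaws.com", "GetObject",
         "203.0.113.45", ATTACKER,
         requestParameters={"bucketName": "example-data-bucket",
                            "key": "exports/customer_export.csv"},
         resources=[{"type": "AWS::S3::Object",
                     "ARN": "arn:aws:s3:::example-data-bucket/exports/customer_export.csv"}]),
    _rec("2023-06-01T09:20:11Z", "ec2.amazonaws.com", "DescribeInstances",
         "198.51.100.10", ADMIN, userAgent="console.amazonaws.com"),
]})


def load_records(raw):
    """Accept either a CloudTrail file ({"Records": [...]}) or a bare JSON list."""
    data = json.loads(raw)
    return data["Records"] if isinstance(data, dict) else data


def prettify(raw):
    """Re-indent a one-line log so it can be read (same as python3 -m json.tool)."""
    return json.dumps(json.loads(raw), indent=2, sort_keys=True)


def identity_of(rec):
    """Key the analysis on the access key when present, else on the ARN/type."""
    ui = rec.get("userIdentity", {})
    return ui.get("accessKeyId") or ui.get("arn") or ui.get("type", "unknown")


def summarise(records):
    """Per identity, count (eventSource, eventName) pairs to see who did what."""
    per_identity = defaultdict(Counter)
    for rec in records:
        per_identity[identity_of(rec)][f"{rec['eventSource']}:{rec['eventName']}"] += 1
    return dict(per_identity)


def flag_suspicious(records, trusted_ips):
    """Return events worth a look, each with the list of reasons it was flagged."""
    findings = []
    for rec in records:
        name, ip, reasons = rec.get("eventName", ""), rec.get("sourceIPAddress", ""), []
        if rec.get("errorCode"):
            reasons.append("error:" + rec["errorCode"])      # AccessDenied = probing
        if name in RECON_EVENTS:
            reasons.append("identity-recon")
        if name in S3_READ_EVENTS:
            reasons.append("s3-read")
        # Calls made by AWS services on your behalf carry a *.amazonaws.com source.
        if ip not in trusted_ips and not ip.endswith(".amazonaws.com"):
            reasons.append("untrusted-ip")
        if reasons:
            findings.append({"eventTime": rec["eventTime"], "identity": identity_of(rec),
                             "event": name, "sourceIPAddress": ip, "reasons": reasons})
    return findings


def exfiltrated_objects(records):
    """ARNs of S3 objects that were actually read (GetObject data events)."""
    return sorted({res["ARN"] for rec in records
                   if rec.get("eventSource") == "s3.amazonaws.com"
                   and rec.get("eventName") == "GetObject"
                   for res in rec.get("resources", [])
                   if res.get("type") == "AWS::S3::Object"})


if __name__ == "__main__":
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    recs = load_records(raw)
    print(json.dumps(summarise(recs), indent=2))
    print(json.dumps(flag_suspicious(recs, {"198.51.100.10"}), indent=2))
    print("objects read:", exfiltrated_objects(recs))
```

Run it with a real CloudTrail file as the first argument (after `gunzip`, since trail deliveries to S3 are gzip-compressed) or with no argument to see it work on the constructed sample. Two caveats when you move from the sample to real logs: `GetObject` and other S3 data events appear only if the trail has data-event logging turned on, so an absent `GetObject` is not proof nothing was read, and CloudTrail delivery lags the API call by several minutes, so the newest events may not be in the file yet.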