Cloud Catastrophe

The morning started like any other at Nimbus Technologies, a growing startup with a substantial AWS footprint. Their monitoring dashboard suddenly lit up with alerts—unusual login patterns, unexpected API calls, and resource changes nobody authorized.

Pathway Introduction

As Nimbus' newly hired security analyst, you've been tasked with investigating this potential breach. The CTO is breathing down your neck while the company's critical cloud infrastructure and sensitive customer data hang in the balance.

Using your SPL skills and cloud security knowledge, you'll need to trace the attacker's path through CloudTrail logs, determine what systems were compromised, assess potential data exfiltration, and identify unauthorized infrastructure changes.

Time is of the essence—every minute the attacker remains in the environment, they could be accessing more sensitive data or setting up persistent backdoors. Your mission: follow the digital breadcrumbs, understand the scope of the breach, and provide the intelligence needed to stop the attack and begin recovery.

Are your cloud forensics skills up to the challenge? Dive into the logs and find out!

Pathway Chapters

Chapter 1: When It Rains, It Pours

2 Questions

Discover the initial signs of the breach by investigating unusual login patterns and access key exposures.

Initial Access

Chapter 2: Storm Chasers

2 Questions

Track the attacker's reconnaissance activities and attempts to escalate privileges within the AWS environment.

Discovery
Privilege Escalation

Chapter 3: Weather the Storm

2 Questions

Identify data exfiltration attempts and infrastructure changes made to increase the monetary value of the breach for the attackers.

Collection
Exfiltration

Chapter Progress

Chapter 1: When It Rains, It Pours

CH1 - Problem 1 - Cloudy With A Chance of Hackers
CH1 - Problem 2 - Key Party Gone Wrong

Chapter 2: Storm Chasers

CH2 - Problem 1 - Nosy Nimbus
CH2 - Problem 2 - Stealing the Silver Lining

Chapter 3: Weather the Storm

CH3 - Problem 1 - Leaky Bucket Brigade
CH3 - Problem 2 - EC2 Many Instances

Est. Time: 90 min

Difficulty: Easy

Questions: 6

Prerequisites

  • A basic understanding of SPL
  • Familiarity with AWS API Commands
  • A basic understanding of networking concepts