Cloudy, With A Chance Of Hackers

Cloud

Estimated Time

15

Difficulty

Easy

Point Value

10

Query Languages

SPL

Cloud Catastrophe
Part of Pathway

Cloud Catastrophe

The morning started like any other at Nimbus Technologies, a growing startup with a substantial AWS footprint. Their monitoring dashboard suddenly lit up with alerts—unusual login patterns, unexpected API calls, and resource changes nobody authorized.

6 Techniques

Challenge Description

It's Friday afternoon at the Nimbus Technologies office, and you're ready to end your week. All of a sudden, you get an alert on your AWS Guard Duty Console that was forwarded to your inbox. 'UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B'. Hope you didn't have a long weekend planned!

Log Source Types

AWS CloudTrail

MITRE ATT&CK Techniques

T1078 - Valid Accounts
T1078.004 - Cloud Accounts

Getting Started

1

Sign in or create an account to begin the challenge

2

Review the challenge description and log types

3

Click "Start Challenge" to begin your investigation

Ready to start the challenge?

Head to the workspace to begin solving