EC2 Many Instances

Cloud

Estimated Time

45

Difficulty

Medium

Point Value

20

Query Languages

SPL

Cloud Catastrophe
Part of Pathway

Cloud Catastrophe

The morning started like any other at Nimbus Technologies, a growing startup with a substantial AWS footprint. Their monitoring dashboard suddenly lit up with alerts—unusual login patterns, unexpected API calls, and resource changes nobody authorized.

6 Techniques

Challenge Description

With privilege escalation and data exfiltration identified, you began running through the process of evicting the attacker. As you worked, the administrators at Nimbus Technologies alerted you to a massive increase in projected billing costs in the account - what happened?

Log Source Types

AWS CloudTrail

MITRE ATT&CK Techniques

T1496 - Resource Hijacking
T1578 - Modify Cloud Compute Infrastructure
T1562.007 - Impair Defenses: Disable or Modify Cloud Firewall

Getting Started

1

Sign in or create an account to begin the challenge

2

Review the challenge description and log types

3

Click "Start Challenge" to begin your investigation

Ready to start the challenge?

Head to the workspace to begin solving