Key Party Gone Wrong

Cloud

Desktop Recommended

This SPL/SIEM challenge is optimized for desktop computers. For the best experience with complex queries and data analysis, we recommend using a larger screen.

Estimated Time

45

Difficulty

Medium

Point Value

25

Query Languages

SPL

Cloud Catastrophe
Part of Pathway

Cloud Catastrophe

The morning started like any other at Nimbus Technologies, a growing startup with a substantial AWS footprint. Their monitoring dashboard suddenly lit up with alerts—unusual login patterns, unexpected API calls, and resource changes nobody authorized.

6 Techniques

Challenge Description

The administrator alerted you that something has gone very wrong... after doing damage control in the Nimbus Technologies AWS account, you found a compromise had occurred. Can you figure out what happened?

Log Source Types

AWS CloudTrail

MITRE ATT&CK Techniques

T1098.001 - Account Manipulation: Additional Cloud Credentials
T1606.001 - Forge Web Credentials: Web Cookies

Getting Started

1

Sign in or create an account to begin the challenge

2

Review the challenge description and log types

3

Click "Start Challenge" to begin your investigation

Ready to start the challenge?

Head to the workspace to begin solving