Nosy Nimbus

Cloud

Estimated Time

30

Difficulty

Easy

Point Value

15

Query Languages

SPL

Cloud Catastrophe
Part of Pathway

Cloud Catastrophe

The morning started like any other at Nimbus Technologies, a growing startup with a substantial AWS footprint. Their monitoring dashboard suddenly lit up with alerts—unusual login patterns, unexpected API calls, and resource changes nobody authorized.

6 Techniques

Challenge Description

After getting access to Nimbus Technologies AWS account, the attacker likely performed actions to figure out more details about their surroundings. Narrow down what information they gained, so you know where to pivot as well.

Log Source Types

AWS CloudTrail

MITRE ATT&CK Techniques

T1087.004 Account Discovery: Cloud Account
T1069.003 - Permission Groups Discovery: Cloud Groups
T1538 - Cloud Service Discovery

Getting Started

1

Sign in or create an account to begin the challenge

2

Review the challenge description and log types

3

Click "Start Challenge" to begin your investigation

Ready to start the challenge?

Head to the workspace to begin solving