Introduction

Join us for CloudHunt Capture The Flag, a cloud-focused event by TryHackMe. This CTF features an investigative challenge designed to put your Blue Teaming skills to the test.

Shadow Crawler, an emerging threat group, is targeting cloud infrastructures through help desks and SSO apps. Blue teamers are called in to hunt for IOCs across the intrusion, from third-party compromise to cloud intrusion and ransomware deployment. Join us if you’re ready to be challenged!

Mission Brief

TRC Resorts International, concerned about the growing threat landscape in cloud infrastructures, decided to engage with CloudFortify Technologies to improve the security posture of their AWS infrastructure. Unbeknownst to TRC Resorts, a threat actor had infiltrated CloudFortify’s cloud assets, completely owning their IaaS infrastructure. The compromise on CloudFortify led to a ransomware incident on TRC Resorts.

At the time of the ransomware note discovery, TRC Resorts’ CISO was immediately informed and started coordinating with their internal Incident Response team. In parallel with the ongoing incident on TRC, CloudFortify Innovations discovered a potential breach and started to conduct a security audit. Because of this, CloudFortify has agreed to provide access to their SIEM (Elastic), which contains their AWS CloudTrail and application logs. Using CloudFortify’s logs together with your own, your task is to trace back the unusual events in your CloudTrail logs and determine the root cause of the incident.

About the CTF