GuardDuty
As attackers, we need to understand what kind of monitoring is going on in our target environment, as it can and will shape the entire attack plan. If I know that a certain type of monitoring is enabled to trigger whenever XYZ happens, then I won't ever perform XYZ because I know that I'll get caught. Instead, I'll take another route that is more likely to go under the radar. If I know that there is no monitoring in the environment, then I can take the easiest or quickest path to my goal without worrying about triggering alerts on certain actions.
Amazon Web Services (AWS) offers a variety of security services, but the main security monitoring service is known as GuardDuty. It is important to note that even in an environment ...