April 2019 | Intermediate to advanced | 508 pages | 11h 57m | English
The main problem with these types of attack on CloudTrail is that GuardDuty is designed to detect them, but there are a few potential bypasses that allow us to make changes without being discovered.
The first and most simple bypass would be to detect what the usual activity is for the user you have compromised. GuardDuty uses machine learning (more in Chapter 16, GuardDuty) to detect these attacks as being unusual, so if you compromised a user who has a history of disabling/deleting/modifying CloudTrail trails, then it might be possible for you to do the same without GuardDuty detecting that as an anomaly.
Another partial solution would be to modify logs after they are delivered to their ...
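An added detection example from the defender's side (not code from the book): a baseline-independent check over CloudTrail records that flags every trail-modifying API call, whoever makes it, plus any direct write to the log bucket by a non-service principal, so it does not depend on the per-user history that the GuardDuty anomaly model described above relies on. The bucket name and the sample records are constructed, and the `userIdentity.type == "AWSService"` marker for service-delivered log objects is an assumption.

```python
import json

# CloudTrail control-plane calls that modify or silence a trail. Alerting on every
# one of them, whatever the caller's history, sidesteps a per-user anomaly baseline.
TRAIL_TAMPERING_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail",
                          "PutEventSelectors", "PutInsightSelectors"}
# Bucket receiving trail logs (hypothetical name); S3 data events on it that
# do not come from the CloudTrail service itself are direct log edits (assumption).
LOG_BUCKET = "example-cloudtrail-logs"
BUCKET_WRITE_EVENTS = {"PutObject", "DeleteObject"}

# Constructed sample records in CloudTrail's JSON layout (not real log data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2019-04-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DescribeTrails", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/auditor"}},
    {"eventTime": "2019-04-01T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ops-admin"},
     "requestParameters": {"name": "prod-trail"}},
    {"eventTime": "2019-04-01T10:06:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "cloudtrail.amazonaws.com"},
     "requestParameters": {"bucketName": LOG_BUCKET, "key": "AWSLogs/a.json.gz"}},
    {"eventTime": "2019-04-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ops-admin"},
     "requestParameters": {"bucketName": LOG_BUCKET, "key": "AWSLogs/a.json.gz"}},
]})


def find_trail_tampering(log_text, log_bucket=LOG_BUCKET):
    """Return one finding per record that silences a trail or edits its delivered logs."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        src, name = rec.get("eventSource"), rec.get("eventName")
        ident = rec.get("userIdentity", {})
        params = rec.get("requestParameters") or {}
        if src == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING_EVENTS:
            kind, target = "trail-modified", params.get("name")
        elif (src == "s3.amazonaws.com" and name in BUCKET_WRITE_EVENTS
              and params.get("bucketName") == log_bucket
              and ident.get("type") != "AWSService"):
            kind, target = "log-object-edited", params.get("key")
        else:
            continue  # read-only calls and service-delivered log objects are normal
        findings.append({"time": rec.get("eventTime"), "kind": kind, "action": name,
                         "actor": ident.get("arn") or ident.get("invokedBy"),
                         "source_ip": rec.get("sourceIPAddress"), "target": target})
    return findings
```

Run against the sample, it reports the StopLogging call on prod-trail and the DeleteObject of a delivered log file, and ignores both the read-only DescribeTrails call and the service's own PutObject delivery.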