Cyber Security Minder

Friday, October 19, 2018

Cloud IR Resources - Sky-hi IR: IR at cloud scale

Talk slides here:

Recording here: https://www.youtube.com/watch?v=Q8hfcBJVKq8&t=15s

Big "Thanks!" to BsidesRDU.org and Adrian Crenshaw (@irongeek_adc)


Data costs:

https://azure.microsoft.com/en-us/pricing/details/bandwidth/
https://aws.amazon.com/blogs/aws/estimate-your-c/

Tools:

SIFT Workstation
Getting Data from S3 via Python
AWS Monitoring and Alerting third-party tools:

  • Cloud-Custodian
  • Cloud-Inquisitor
  • CloudTracker
  • Security Monkey
  • StreamAlert
  • Wazuh


Related Talks:

Logging, Monitoring, and Alerting in AWS (The TL;DR) - SANS DFIR Summit 2018 - Jonathan Poling (@JPoForenso)

Automating Incident Response and Forensics in AWS - Ben Potter - AWS Security Lead


How-Tos:
How to copy a VMDK to image

SIFT Workstation How-Tos


Whitepapers
Incident Handler's Handbook by Patrick Kral - February 21, 2012


Posted by Aaron L. at 2:30 PM
Labels: Bsides, Cloud, DOJ, hacking, Incident Response, InfoSec, SANS, STI, Talks

Aaron Lancaster
Founder and Principal Consultant, 1 Ping Security Co.

Aaron D. Lancaster

Bio

Aaron is Founder & Principal Security Consultant of 1 Ping Security Co. (https://www.1pingsecurity.com), a Service-Disabled Veteran-Owned Small Business (SD-VOSB) with focus on helping enterprises secure their edge, colocation, and public cloud environments while increasing speed to delivery and resiliency. In his 15 years of work in the cybersecurity field, Aaron has gained the trust of business and technology leaders in industries including managed services, healthcare, payments, financial services, the federal government, software, energy, and defense industries. Aaron is Co-founder of the East Tennessee Chapter of ISSA (etnissa.org) and board advisor to the Triangle Chapter of the Cloud Security Alliance (csa-triangle.org).
Connect with Aaron:
LinkedIn: www.linkedin.com/in/aarondlancaster
Twitter: @aarondlancaster
SlideShare: https://www.slideshare.net/AaronLancaster3
KeyBase.io: https://keybase.io/aarondlancaster
GitHub: https://github.com/casterlan

Copyright © 2000–2022 Aaron D. Lancaster. All rights reserved.