AWS S3 Bucket Versioning Disable
Sep 2, 2024
attack.impact
attack.t1490
AWS Attached Malicious Lambda Layer
Aug 12, 2024
attack.privilege-escalation
AWS CloudTrail Important Change
Aug 12, 2024
attack.defense-evasion
attack.t1562.001
AWS Config Disabling Channel/Recorder
Aug 12, 2024
attack.defense-evasion
attack.t1562.001
AWS Console GetSigninToken Potential Abuse
Aug 12, 2024
attack.lateral-movement
attack.t1021.007
attack.t1550.001
AWS EC2 Disable EBS Encryption
Aug 12, 2024
attack.impact
attack.t1486
attack.t1565
AWS EC2 Startup Shell Script Change
Aug 12, 2024
attack.execution
attack.t1059.001
attack.t1059.003
attack.t1059.004
AWS EC2 VM Export Failure
Aug 12, 2024
attack.collection
attack.t1005
attack.exfiltration
attack.t1537
AWS ECS Task Definition That Queries The Credential Endpoint
Aug 12, 2024
attack.persistence
attack.t1525
AWS EFS Fileshare Modified or Deleted
Aug 12, 2024
attack.impact
AWS EFS Fileshare Mount Modified or Deleted
Aug 12, 2024
attack.impact
attack.t1485
AWS EKS Cluster Created or Deleted
Aug 12, 2024
attack.impact
attack.t1485
AWS ElastiCache Security Group Created
Aug 12, 2024
attack.persistence
attack.t1136
attack.t1136.003
AWS ElastiCache Security Group Modified or Deleted
Aug 12, 2024
attack.impact
attack.t1531
AWS Glue Development Endpoint Activity
Aug 12, 2024
attack.privilege-escalation
AWS GuardDuty Important Change
Aug 12, 2024
attack.defense-evasion
attack.t1562.001
AWS IAM Backdoor Users Keys
Aug 12, 2024
attack.persistence
attack.t1098
AWS IAM S3Browser LoginProfile Creation
Aug 12, 2024
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004
AWS IAM S3Browser Templated S3 Bucket Policy Creation
Aug 12, 2024
attack.execution
attack.t1059.009
attack.persistence
attack.t1078.004
AWS IAM S3Browser User or AccessKey Creation
Aug 12, 2024
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004
AWS Identity Center Identity Provider Change
Aug 12, 2024
attack.persistence
attack.t1556
AWS RDS Master Password Change
Aug 12, 2024
attack.exfiltration
attack.t1020
AWS Root Credentials
Aug 12, 2024
attack.privilege-escalation
attack.t1078.004
AWS Route 53 Domain Transfer Lock Disabled
Aug 12, 2024
attack.persistence
attack.credential-access
attack.t1098
AWS Route 53 Domain Transferred to Another Account
Aug 12, 2024
attack.persistence
attack.credential-access
attack.t1098
AWS S3 Data Management Tampering
Aug 12, 2024
attack.exfiltration
attack.t1537
AWS SecurityHub Findings Evasion
Aug 12, 2024
attack.defense-evasion
attack.t1562
AWS Snapshot Backup Exfiltration
Aug 12, 2024
attack.exfiltration
attack.t1537
AWS STS AssumeRole Misuse
Aug 12, 2024
attack.lateral-movement
attack.privilege-escalation
attack.t1548
attack.t1550
attack.t1550.001
AWS STS GetSessionToken Misuse
Aug 12, 2024
attack.lateral-movement
attack.privilege-escalation
attack.t1548
attack.t1550
attack.t1550.001
AWS Suspicious SAML Activity
Aug 12, 2024
attack.initial-access
attack.t1078
attack.lateral-movement
attack.t1548
attack.privilege-escalation
attack.t1550
attack.t1550.001
AWS User Login Profile Was Modified
Aug 12, 2024
attack.persistence
attack.t1098
Ingress/Egress Security Group Modification
Aug 12, 2024
attack.initial-access
attack.t1190
LoadBalancer Security Group Modification
Aug 12, 2024
attack.initial-access
attack.t1190
Malicious Usage Of IMDS Credentials Outside Of AWS Infrastructure
Aug 12, 2024
attack.privilege-escalation
attack.defense-evasion
attack.t1078
attack.t1078.002
New Network ACL Entry Added
Aug 12, 2024
attack.initial-access
attack.t1190
New Network Route Added
Aug 12, 2024
attack.initial-access
attack.t1190
Potential Bucket Enumeration on AWS
Aug 12, 2024
attack.discovery
attack.t1580
Potential Malicious Usage of CloudTrail System Manager
Aug 12, 2024
attack.privilege-escalation
attack.t1566
attack.t1566.002
RDS Database Security Group Modification
Aug 12, 2024
attack.initial-access
attack.t1190
Restore Public AWS RDS Instance
Aug 12, 2024
attack.exfiltration
attack.t1020
SES Identity Has Been Deleted
Aug 12, 2024
attack.defense-evasion
attack.t1070