Use Case: Cloud Threat Detection | Detection.FYI

AWS S3 Static Site JavaScript File Uploaded

Apr 30, 2025 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS S3 Tactic: Impact Use Case: Web Application Compromise Use Case: Cloud Threat Detection Resources: Investigation Guide ·
Share on:

This rule detects when a JavaScript file is uploaded or accessed in an S3 static site directory (static/js/) by an IAM user or assumed role. This can indicate suspicious modification of web content hosted on S3, such as injecting malicious scripts into a static website frontend.

Read More
AWS CLI with Kali Linux Fingerprint Identified

Apr 21, 2025 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS CloudTrail Tactic: Initial Access Use Case: Cloud Threat Detection Resources: Investigation Guide ·
Share on:

Identifies the usage of the AWS CLI with a user agent string containing distrib#kali, which suggests the request was made from a Kali Linux distribution. This may indicate offensive security tooling or unauthorized use of the AWS CLI from a potentially adversarial environment.

Read More