Apr 8, 2014 · 7:00 PM
*Scheduling Note: This was originally planned for March 11, but I had to move it out to April 8 due to our room at ATDC being unavailable this month. There is no planned meeting in March.
Have you ever launched an EC2 instance with port 22 (SSH) open to the Internet and wondered what your chances of getting hacked might be? And if a hacker did get in, would you even be aware of it? If so, tonight's topic should be of interest.
We're going to be discussing Indicators of Compromise, or IoCs, for EC2 environments. I'll review some of the most common types of breaches in EC2 and give you some examples of what hackers do after they've broken in. We'll look at different places in your stack that hackers could target (app, database, OS/instance, AWS account) and what signs you can monitor at each level to detect malicious activity.
Please come with your EC2 security questions or war stories about dealing with hackers for our group discussion after the presentation.