CONFIRMED Security Workshop

We're excited to offer this workshop in partnership with the Boulder AWS and AWS Colorado Springs User Groups. This will be part of a series of shared events focused on AWS security partners and customers.

Come join us for this exciting first event in the series!

Hands-On Cloud Security: Attacking and Defending AWS Workloads

Please bring your laptop to this event.

## Agenda Outline

### 1. Welcome & Context (10 minutes)

• Session goals and structure
• Overview of attacker vs. defender mindset
• What participants will see and learn

***

### 2. Live Attack Demonstration – Unprotected Environment (60–75 minutes)

Focus: Realistic, high-impact scenarios
Attack Scenario

• Phishing → Credential Capture → Ransomware
• Instructor-led walkthrough (participants observe and interact via VDI)
• Demonstration includes:
• Phishing email creation and delivery
• Credential harvesting
• Initial access to a workstation
• Ransomware execution and lateral movement (shares/network impact)

Key Takeaway

• How quickly a basic attack can compromise an environment without controls

***

### 3. AWS Security Tooling Overview (15–20 minutes)

Blue Team Perspective

• Overview of enabled AWS protections, including:
• GuardDuty
• Security Hub
• CloudTrail
• Endpoint / workload protection
• What signals and alerts look like in real time
• How AWS detects attacker behavior

***

### 4. Attack Replay – Protected AWS Environment (20–30 minutes)

Same attack, different outcome

• Repeat the ransomware attempt against a secured AWS environment
• Show:
• Failed attack paths
• Alerts and detections
• Automated and manual response signals
• Clear contrast between unprotected vs. protected outcomes

***

### 5. Wrap-Up & Discussion (10–15 minutes)

• Key lessons learned
• How these attacks translate to real-world risk
• Q&A with participants
• Optional discussion on next steps or deeper labs