CONFIRMED Security Workshop
Details
We're excited to offer this workshop in partnership with the Boulder AWS and AWS Colorado Springs User Groups. This will be part of a series of shared events focused on AWS security partners and customers.
Come join us for this exciting first event in the series!
Hands-On Cloud Security: Attacking and Defending AWS Workloads
Please bring your laptop to this event.
## Agenda Outline
### 1. Welcome & Context (10 minutes)
- Session goals and structure
- Overview of attacker vs. defender mindset
- What participants will see and learn
***
### 2. Live Attack Demonstration – Unprotected Environment (60–75 minutes)
Focus: Realistic, high-impact scenarios
Attack Scenario
- Phishing → Credential Capture → Ransomware
- Instructor-led walkthrough (participants observe and interact via VDI)
- Demonstration includes:
- Phishing email creation and delivery
- Credential harvesting
- Initial access to a workstation
- Ransomware execution and lateral movement (shares/network impact)
Key Takeaway
- How quickly a basic attack can compromise an environment without controls
***
### 3. AWS Security Tooling Overview (15–20 minutes)
Blue Team Perspective
- Overview of enabled AWS protections, including:
- GuardDuty
- Security Hub
- CloudTrail
- Endpoint / workload protection
- What signals and alerts look like in real time
- How AWS detects attacker behavior
***
### 4. Attack Replay – Protected AWS Environment (20–30 minutes)
Same attack, different outcome
- Repeat the ransomware attempt against a secured AWS environment
- Show:
- Failed attack paths
- Alerts and detections
- Automated and manual response signals
- Clear contrast between unprotected vs. protected outcomes
***
### 5. Wrap-Up & Discussion (10–15 minutes)
- Key lessons learned
- How these attacks translate to real-world risk
- Q&A with participants
- Optional discussion on next steps or deeper labs
