├── README.md ├── Screenshots ├── 1.png ├── 10.png ├── 11.png ├── 12.png ├── 13.png ├── 14.png ├── 15.png ├── 16.png ├── 17.png ├── 18.png ├── 19.png ├── 2.png ├── 20.png ├── 21.png ├── 22.png ├── 23.png ├── 24.png ├── 25.png ├── 26.png ├── 27.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png └── 9.png ├── aws.credential-access.ec2-get-password-data.md ├── aws.credential-access.ec2-steal-instance-credentials.md ├── aws.credential-access.secretsmanager-retrieve-secrets.md ├── aws.credential-access.ssm-retrieve-securestring-parameters.md ├── aws.defense-evasion.cloudtrail-delete.md ├── aws.defense-evasion.cloudtrail-event-selectors.md ├── aws.defense-evasion.cloudtrail-lifecycle-rule.md ├── aws.defense-evasion.cloudtrail-stop.md ├── aws.defense-evasion.organizations-leave.md ├── aws.defense-evasion.vpc-remove-flow-logs.md ├── aws.discovery.ec2-enumerate-from-instance.md ├── aws.exfiltration.ec2-security-group-open-port-22-ingress.md ├── aws.exfiltration.ec2-share-ami.md ├── aws.exfiltration.ec2-share-ebs-snapshot.md ├── aws.exfiltration.rds-share-snapshot.md ├── aws.exfiltration.s3-backdoor-bucket-policy.md └── aws.persistence.iam-backdoor-role.md /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/README.md -------------------------------------------------------------------------------- /Screenshots/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/1.png -------------------------------------------------------------------------------- /Screenshots/10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/10.png -------------------------------------------------------------------------------- /Screenshots/11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/11.png -------------------------------------------------------------------------------- /Screenshots/12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/12.png -------------------------------------------------------------------------------- /Screenshots/13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/13.png -------------------------------------------------------------------------------- /Screenshots/14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/14.png -------------------------------------------------------------------------------- /Screenshots/15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/15.png -------------------------------------------------------------------------------- /Screenshots/16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/16.png -------------------------------------------------------------------------------- /Screenshots/17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/17.png -------------------------------------------------------------------------------- /Screenshots/18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/18.png -------------------------------------------------------------------------------- /Screenshots/19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/19.png -------------------------------------------------------------------------------- /Screenshots/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/2.png -------------------------------------------------------------------------------- /Screenshots/20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/20.png -------------------------------------------------------------------------------- /Screenshots/21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/21.png -------------------------------------------------------------------------------- /Screenshots/22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/22.png -------------------------------------------------------------------------------- /Screenshots/23.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/23.png -------------------------------------------------------------------------------- /Screenshots/24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/24.png -------------------------------------------------------------------------------- /Screenshots/25.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/25.png -------------------------------------------------------------------------------- /Screenshots/26.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/26.png -------------------------------------------------------------------------------- /Screenshots/27.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/27.png -------------------------------------------------------------------------------- /Screenshots/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/3.png -------------------------------------------------------------------------------- /Screenshots/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/4.png -------------------------------------------------------------------------------- /Screenshots/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/5.png -------------------------------------------------------------------------------- /Screenshots/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/6.png -------------------------------------------------------------------------------- /Screenshots/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/7.png -------------------------------------------------------------------------------- /Screenshots/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/8.png -------------------------------------------------------------------------------- /Screenshots/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/Screenshots/9.png -------------------------------------------------------------------------------- /aws.credential-access.ec2-get-password-data.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.credential-access.ec2-get-password-data.md -------------------------------------------------------------------------------- /aws.credential-access.ec2-steal-instance-credentials.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.credential-access.ec2-steal-instance-credentials.md -------------------------------------------------------------------------------- /aws.credential-access.secretsmanager-retrieve-secrets.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.credential-access.secretsmanager-retrieve-secrets.md -------------------------------------------------------------------------------- /aws.credential-access.ssm-retrieve-securestring-parameters.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.credential-access.ssm-retrieve-securestring-parameters.md -------------------------------------------------------------------------------- /aws.defense-evasion.cloudtrail-delete.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.defense-evasion.cloudtrail-delete.md -------------------------------------------------------------------------------- /aws.defense-evasion.cloudtrail-event-selectors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.defense-evasion.cloudtrail-event-selectors.md -------------------------------------------------------------------------------- /aws.defense-evasion.cloudtrail-lifecycle-rule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.defense-evasion.cloudtrail-lifecycle-rule.md -------------------------------------------------------------------------------- /aws.defense-evasion.cloudtrail-stop.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.defense-evasion.cloudtrail-stop.md -------------------------------------------------------------------------------- /aws.defense-evasion.organizations-leave.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.defense-evasion.organizations-leave.md -------------------------------------------------------------------------------- /aws.defense-evasion.vpc-remove-flow-logs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.defense-evasion.vpc-remove-flow-logs.md -------------------------------------------------------------------------------- /aws.discovery.ec2-enumerate-from-instance.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.discovery.ec2-enumerate-from-instance.md -------------------------------------------------------------------------------- /aws.exfiltration.ec2-security-group-open-port-22-ingress.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.exfiltration.ec2-security-group-open-port-22-ingress.md -------------------------------------------------------------------------------- /aws.exfiltration.ec2-share-ami.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.exfiltration.ec2-share-ami.md -------------------------------------------------------------------------------- /aws.exfiltration.ec2-share-ebs-snapshot.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.exfiltration.ec2-share-ebs-snapshot.md -------------------------------------------------------------------------------- /aws.exfiltration.rds-share-snapshot.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.exfiltration.rds-share-snapshot.md -------------------------------------------------------------------------------- /aws.exfiltration.s3-backdoor-bucket-policy.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.exfiltration.s3-backdoor-bucket-policy.md -------------------------------------------------------------------------------- /aws.persistence.iam-backdoor-role.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sbasu7241/AWS-Threat-Simulation-and-Detection/HEAD/aws.persistence.iam-backdoor-role.md --------------------------------------------------------------------------------