Awesome DFIR - Digital Forensics & Incident Response
How to respond in AWS?

Getting the big picture

AWS Security Logging

Security Logging in Cloud Environments - AWS

If you had to architect a multi-account security logging strategy, where should you start? This blog, part of the "Continuous Visibility into Ephemeral Cloud Environments" series, will describe a design for a state-of-the-art multi-account security-related logging platform in AWS.

www.marcolancini.it

Incident Response Guides

Runbooks examples

aws-samples/aws-incident-response-runbooks

These run-books are created to be used as templates only. They should be customized by administrators working with AWS to suit their particular needs, risks, available tools and work processes. These guides are not official AWS documentation and are provided as-is to customers using AWS products and who are looking to improve their incident response capability.

github.com

Digging into AWS specific use cases: Detecting Credentials Compromise in AWS

BSidesSF 2019: DevSecOps State of the Union

There have been many great talks, tools, and blog posts in the security automation / DevSecOps space over the past few years. This talk aims to gather, organize and provide references to particularly useful resources in a number of domains. In all, around 40 other talks are referenced in this 30-minute talk.

tldrsec.com
