Cado Security is the cloud investigation and response automation company. Its Cado Response platform leverages the scale, speed and automation of the cloud to effortlessly deliver forensic-level detail into cloud, container and serverless environments. Only Cado empowers security teams to investigate and respond at cloud speed.
Webinar on Demand
Investigating a Cloud Attack With Cado Community Edition
Cado Security recently released a free community edition along with a Capture the Flag (CTF) challenge for the purpose of educating incident responders on how to investigate attacks on cloud-based systems. In this webinar, Cado Security walks through the Capture the Flag (CTF) challenge and determines how the AWS system was compromised using the Cado Community Edition.
Watch on demand to learn:
- How to leverage key features in the Cado Community Edition to speed up investigation and response
- How bad actors are compromising cloud assets such as AWS EC2s
- How to analyze various data sources including AWS GuardDuty logs and full volume captures
Watch On Demand
Webinar Speakers
Paul Stamp
VP of Products
Jordan Bowen
Director of Product Marketing
Want to flex your skills?
See if you can solve the CTF challenge using the Cado Community Edition before the webinar.
Step 1:
Install the Cado Community Edition
Step 2:
In the 'help' section of the platform, click “Import CTF data”
Step 3:
Answer the challenge questions
Challenge Questions
1. A plugin on which locally installed application was used to install a backdoor?
2. What tool did the attacker use to upload files onto the system?
3. What URL did the attacker use as a command and control site (note: you can access this site safely)?
4. What was the name of the file the attacker downloaded and decompressed containing the payload (note: we deleted this actual file from the CTF data for security reasons)?
5. What was the ID of the wallet the cryptomining spoils went to?Background: AWS GuardDuty raised a notification that an instance in the AWS account was accessing a known BitCoin mining address. The CTF data imported is the AWS GuardDuty logs, plus a disk image of the instance in question. The original image file was over 8GB in size, but for the purposes of this capture the flag, we reduced it down to around 30MB.
