AWS Detection Engineering with Grimoire
Author: Cybr
Uploaded: 2024-11-07
Views: 689
Grimoire is an open-source tool for generating datasets of cloud audit logs for common attacks. For example, it can be used with Stratus Red Team to detonate an attack while injecting a unique user agent containing a UUID, so that Grimoire can then poll CloudTrail and retrieve the log events caused by that detonation. It streams those results to your terminal or to a file, and you can use that information for your detection engineering efforts.
This video shows you how to get started with Grimoire.
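The correlation step described above, as an added example (not Grimoire's code and not taken from the video): it merges polled CloudTrail batches, deduplicates on eventID, and keeps only records whose user agent contains the detonation UUID. The record values, the user-agent layout and all helper names are constructed assumptions.

```python
import json

# Constructed sample data. The user-agent layout is an assumption; the text
# only says the user agent contains a UUID unique to the detonation.
DETONATION_ID = "5f2c1e0a-9b7d-4c3e-8a1f-2d6b7c8e9f10"
OTHER_ID = "11111111-2222-4333-8444-555555555555"

def rec(event_id, time, source, name, agent):
    return {"eventID": event_id, "eventTime": time, "eventSource": source,
            "eventName": name, "userAgent": agent}

POLL_1 = [
    rec("e1", "2024-11-07T10:00:05Z", "iam.amazonaws.com", "CreateUser",
        f"aws-sdk-go-v2 detonation/{DETONATION_ID}"),
    rec("e3", "2024-11-07T10:00:06Z", "s3.amazonaws.com", "ListBuckets",
        "aws-cli/2.17.0"),
]
POLL_2 = [  # overlaps POLL_1 and carries a late-delivered, earlier event
    POLL_1[0],
    rec("e2", "2024-11-07T10:00:01Z", "sts.amazonaws.com", "GetCallerIdentity",
        f"aws-sdk-go-v2 detonation/{DETONATION_ID.upper()}"),
    rec("e4", "2024-11-07T10:00:07Z", "iam.amazonaws.com", "CreateAccessKey",
        f"aws-sdk-go-v2 detonation/{OTHER_ID}"),
]

def matches_detonation(record, detonation_id):
    """True when the record's user agent carries this detonation's UUID."""
    return detonation_id.lower() in (record.get("userAgent") or "").lower()

def collect(polls, detonation_id):
    """Merge poll batches: dedupe on eventID, keep matches, order by eventTime."""
    seen = {}
    for batch in polls:
        for record in batch:
            if matches_detonation(record, detonation_id):
                seen.setdefault(record["eventID"], record)
    # ISO 8601 UTC timestamps of equal precision sort correctly as strings.
    return sorted(seen.values(), key=lambda r: r["eventTime"])

def to_jsonl(events):
    """One JSON object per line, a convenient dataset format for rule tests."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)

def summarize(events):
    return [f'{e["eventSource"].split(".")[0]}:{e["eventName"]}' for e in events]

if __name__ == "__main__":
    dataset = collect([POLL_1, POLL_2], DETONATION_ID)
    print(summarize(dataset))
    print(to_jsonl(dataset))
```

Events from unrelated activity and from a different detonation ID are excluded, which is what keeps the resulting dataset clean enough to write and test detection rules against.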
Disclaimer
As a disclaimer, this video is intended purely for educational purposes. Only use this to simulate attacks against your own AWS environments and/or with explicit permissions. This is an invaluable resource for learning how to defend your own environments and should NOT be used for malicious purposes.
🔗 Links from the video 🔗
Grimoire: https://github.com/DataDog/grimoire
Christophe Tafani-Dereeper's website: https://blog.christophetd.fr/
Stratus Red Team website: https://stratus-red-team.cloud/
GitHub link: https://github.com/DataDog/stratus-re...
Cybr Hands-On Labs link: https://cybr.com/hands-on-labs/
Cybr: https://cybr.com/
AWS Incident Response course: https://cybr.com/courses/incident-res...
