[Workshop Speakers]
Adversary Village at DEF CON 32

Christophe Tafani-Dereeper

Security research and open source at Datadog

Christophe lives in Switzerland and works on open source and cloud security at Datadog. He's passionate about cloud-native technologies, information security, and especially the intersection of both. He previously worked as a software developer, penetration tester and cloud security engineer, and is the maintainer of several open-source projects.

Hands-on workshop: Hands-on cloud purple teaming with Stratus Red Team

Aug 09th 2024 | Adversary Village Area | Las Vegas Convention Center
Purple Team

In this workshop, we'll run a hands-on course on how to use Stratus Red Team to test, build and validate threat detection rules in AWS.
We'll start by setting up your AWS account to generate CloudTrail logs in a queryable format. We'll then perform a full attack chain against a vulnerable application running on AWS, reflecting some of the most common ways attackers breach cloud environments (based on real-world threat intelligence). As a next step, we'll build detection queries using CloudTrail Lake SQL, and to validate our detections we'll reproduce our attacks live, granularly, using Stratus Red Team. Finally, we'll showcase a brand new open-source project, Grimoire, which allows leveraging pre-built datasets of AWS CloudTrail logs for common attacks. Along the way, we'll mention some caveats to watch out for when doing threat detection in the cloud.

Note: You don't need an AWS account as a prerequisite for this workshop; we'll give you a temporary one!
