AWS Real-World Attack Analysis: Threat Detection in the Cloud - In Ming Loh & Wei Chea Ang - DCSG2026
Name of Training: AWS Real-World Attack Analysis: Threat Detection in the Cloud
Trainer(s): In Ming LOH & Wei Chea ANG
Dates: April 26-27, 2026
Time: TBD
Venue: Marina Bay Sands
Early Bird Cost (GST included): $2,016 USD / equivalent to $2,600
Early bird price valid until February 8, 2026.
Short Summary:
This comprehensive, hands-on course equips security teams with the practical skills to master AWS security services and CloudTrail analysis, moving beyond theory to effectively detect and respond to modern attack techniques like privilege escalation and data exfiltration. Attendees will leave with a robust security foundation and the proven ability to investigate and defend their AWS infrastructure, directly strengthening their organization's cloud security posture.
Course Description:
This course is designed to equip security teams with the essential knowledge and practical skills needed to safeguard their AWS environments from modern threats. Participants will gain a deep understanding of core AWS security services, common attack vectors, and the capabilities of AWS CloudTrail for effective threat detection and response. Through hands-on labs, students will begin by configuring fundamental AWS services like Identity and Access Management (IAM), Amazon Elastic Compute Cloud (EC2), and AWS CloudTrail, establishing a robust foundation for security monitoring.
Building upon this foundation, participants will work through investigation scenarios, analyzing CloudTrail data to identify and investigate the attack techniques demonstrated by the instructor. This practical approach allows students to master the analysis of CloudTrail logs and uncover suspicious activity. They will learn to identify prevalent attack techniques, such as privilege escalation and data exfiltration.
This course empowers security professionals to build a robust security posture and effectively defend their AWS infrastructure against evolving threats.
Course Outline:
Topic 1: AWS Fundamentals (Day 1)
- AWS Overview: Introducing core AWS concepts.
- Hands-on configuration of AWS services such as IAM, EC2, Lambda, and S3. This gives attendees the fundamental knowledge they need before we cover how threat actors abuse these services.
Topic 2: Introduction to AWS CloudTrail (Day 1)
- CloudTrail Fundamentals: Learn the core concepts and functionalities of AWS CloudTrail.
- Configuring CloudTrail: Master the process of setting up CloudTrail trails to capture relevant events and activities.
Topic 3: CloudTrail Log Analysis (Day 1/Day 2)
- Log Interpretation: Develop the ability to decipher CloudTrail logs to identify user activities, API calls, and resource changes.
- Threat Detection: Learn to recognize indicators of compromise (IoCs), indicators of attack (IoAs), and anomalies within CloudTrail logs.
- Advanced Analysis Techniques: Explore methods for extracting actionable intelligence from CloudTrail data.
Topic 4: Understanding the AWS Threat Landscape (Day 2)
- Common AWS Attack Vectors: Explore real-world attack scenarios, including unauthorized access and data exfiltration.
- Threat Actor Tactics: Analyze the techniques employed by malicious actors to target AWS environments, aligning them with the industry-standard MITRE ATT&CK Framework.
Topic 5: AWS Attack Detection (Day 2)
- Advanced Threat Hunting with CloudTrail: Analyze attacker methodologies and tactics as captured in CloudTrail logs to understand the techniques used by adversaries, enabling you to proactively identify and counteract potential threats.
- Practical Tips for Effective CloudTrail-Based Threat Hunting: Learn proven best practices and actionable strategies to perform robust threat hunting with CloudTrail, ensuring you can efficiently monitor, detect, and respond to evolving cyber risks.
Difficulty Level:
Intermediate - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.
Suggested Prerequisites:
Participants are not required to have prior AWS knowledge. The training curriculum includes comprehensive coverage of AWS fundamentals, though any existing AWS and SOC experience will be beneficial.
What Students Should Bring:
- Laptop
What the Trainer Will Provide:
- Online lab + Slides
Trainer(s) Bio:
In Ming LOH is a principal consultant at a prominent cybersecurity firm, specializing in incident response and technical assessment engagements with a strong emphasis on cloud environments. He has been instrumental in numerous high-profile investigations, involving both nation-state and e-crime threat actors across a wide array of industries.
Wei Chea ANG currently works at a leading SaaS company, empowering enterprises to secure and manage their digital assets. For the past 7 years, he has specialized in cloud security, working with a diverse range of organizations from startups to Fortune 100 companies. His expertise has been shared at prestigious conferences, including HITCon, ISC2 APAC Congress, and FIRST APAC Symposium.
Registration Terms and Conditions:
Trainings are refundable before March 27, 2026, minus a non-refundable processing fee of $250.
Between March 27, 2026 and April 21, 2026, partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.
All trainings are non-refundable after April 21, 2026.
Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.
DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.