Certified Security - Specialty

Sign Up Free or Log In to participate!

Disable and Delete?

If an attacker has your access and secret key, they likely have used STS to get a session by assuming role. You need to invalidate that session too after disabling their access key. Not sure if this is in the exam, but a crucial middle step in Incident Response for key compromise.


Again see AWS-IR here: https://github.com/ThreatResponse/aws_ir


Ha. The message board system thinks the underscores are markdown for italics… Can’t fix in my post.

0 Answers

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?