Identifying and Remediating Threats with AWS Security Hub

1.5 hours
  • 5 Learning Objectives

About this Hands-on Lab

This hands-on lab walks you through a threat emulation exercise in which you use Security Hub to investigate a hacking attempt.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Enable AWS Security Hub and Deploy Honeypots (Logged in as cloud_user)
  • Enable AWS Config
  • Enable AWS Security Hub
  • From CloudFormation, create a stack using the provided template
Launch EC2 Instance (Logged in as Martina)
  • Create VPC
    • Select VPC and More
  • From the EC2 console, create a key pair
  • Launch an EC2 instance
    • Enable Auto-assign public IP
    • Use the default security group setting, which allows SSH ingress from 0.0.0.0/0
Create IAM Access Keys (Logged in as George)
  • From the IAM console, select Users
    • Select George, then create (and download) access keys
Create IAM Access Keys (Logged in as Edward)
  • From the IAM console, select Users
    • Select Edward, then create (and download) access keys
Connect to EC2 Instance and Perform Tasks (Logged in as Edward)
  • In the EC2 console, connect to the instance using Instance Connect
  • From the command line, run aws configure
    • Use the downloaded access keys
    • For Region, enter us-east-1
  • Copy the contents of the S3 bucket to a /tmp directory
  • Perform a scan of the DynamoDB table

Additional Resources

You are going through a threat emulation exercise and have decided to use Security Hub as the primary tool for investigating threats. The threat emulation will identify various team members in an organization, and your job will be to use Security Hub to find the hacker.

Ensure you are using the N. Virginia (us-east-1) Region throughout the lab.

Threat emulation players' logins:

  • Martina password: 3Kk6!AY36^5h1rolJYb@C

  • George password: 3Kk6!AY36^5h1rolJYb@C

  • Edward password: Snowy2020

Download the template for this hands-on lab: GitHub repository

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
