EKOPARTY Trainings Miami 2026
AWS SECURITY – THE PURPLE TEAM WAY
Trainer: Santiago Abastante
🗣 English
🕒 Schedule: to be confirmed
📆 May 18 and 19, 2026 (2 days)
📍 ON SITE Miami
Overview:
Cloud platforms like Amazon Web Services (AWS) are foundational to many critical
infrastructures and enterprise applications, making them prime targets for attackers. In this
session, we will not only explore the most relevant attack vectors cybercriminals use to
compromise AWS infrastructures but will also simulate these attacks using known threat actor
techniques in an adversary emulation context. From initial access to hardcore persistence, this
talk will provide a comprehensive look at how attackers operate in AWS environments.
We will take a technical journey through the tactics, techniques, and procedures (TTPs)
employed by attackers at every stage of the threat lifecycle, aligned with the MITRE ATT&CK
framework. We’ll start by reviewing common methods of initial access, such as exploiting
exposed credentials or vulnerabilities in services like IAM, Lambda, and EC2. From there, we’ll
detail how attackers escalate privileges, move laterally, and evade detection from tools like
CloudTrail.
The session will conclude with an in-depth look at advanced persistence techniques in AWS,
including the manipulation of IAM policies, backdooring Lambda functions or Docker containers,
and tampering with logs. Along the way, we’ll demonstrate how security teams can implement
defensive and detection strategies to mitigate these risks. By leveraging AWS-native services
and third-party tools, attendees will learn how to enhance their incident response capabilities.
This hands-on workshop will give attendees practical, technical insights into AWS security,
adversary behavior, and how to better defend against sophisticated, persistent attacks. A full
hands-on experience, this presentation ensures deep technical immersion.
This training is designed for security engineers, SOC analysts, incident responders, and
anyone who wants to truly understand AWS security through hands-on work. By the end
of the session, you’ll have a deep understanding of how real attack and defense
techniques work in AWS, and be able to understand the hardening requirements, replicate
attacks, generate detection use cases, and execute forensic techniques.
Requirements
- AWS CLI installed
- Terraform installed
- GitHub account for cloning lab repos
- Knowledge of AWS Security Fundamentals
An email with detailed setup instructions will be sent beforehand.
Materials provided
- GitHub repository with the solution to the workshops
Full agenda
Phase 1: Attacking The Cloud
Title 1: From Initial Access to Privilege Escalation
– Understanding AWS IAM in full
– Lateral Movement with IAM
– Malware Analysis of TeamTNT Infostealer
– Getting Credentials from Misconfigurations
– Privilege Escalation via IAM policies
– Privilege Escalation via IAM Roles
– Privilege Escalation via Exec to Instances and Containers
Title 2: From Defense Evasion to Persistence
– Getting Blind Spots in the Shared Responsibility Model
– Bypassing GuardDuty
– Understanding how CloudTrail logs work
– Tampering CloudTrail without getting caught
– Living off the Land Techniques
– Persistence in AWS via SSH implant
– Persistence in AWS via LotL
Phase 2: The Blue Team Way
Title 1: Security Detection in AWS
– CloudTrail for API Call Logging
– Understanding the complete supply chain
– SIEM Integration and Detection Use Case Creation
– Understanding the Delays in SIEM integration
– Understanding EventBridge for Automated Response
– Hardening Best Practices
Title 2: Incident Response in AWS
– Using the CloudTrail Digest to detect tampering
– Creating an Athena table for CloudTrail Analysis when SIEM Fails
– Using Event History as a last resort
– Forensic Images of EC2 instances
– Network Isolation of AWS instances
– AWS Threat Hunting 101
– How to detect persistence in AWS
Important: you must bring a laptop when attending the Trainings.
By registering for the Ekoparty Trainings, you get a free ticket to Ekoparty Miami 2026.
Questions: Do you have any questions about the training or the payment plans?
Write to us at: capacitacion@ekoparty.org
Trainer:

Santiago Abastante
Ex-Police Officer and a Cybersecurity Specialist with 10+ years of IT experience. During the course of my career, I’ve worn many different hats, being able to intervene in incidents of multiple magnitudes in both the private and public sector, from bank robberies to cybersecurity breaches to confidential information leaks, leading multidisciplinary teams, learning and improving our security posture with strategic focus.
Master's degree in Strategic and Technological Management (ITBA / EOI)
Bachelor's degree (Licenciatura) in Information and Communication Technologies (IUPFA)
AWS Certified Security Specialty
AWS Certified Solutions Architect
CSA Certificate of Cloud Security Knowledge