TryHackMe Monitoring AWS Services | Full Walkthrough 2026

Описание: 🦊 Discover common attacks on AWS services and learn how to protect against them.

🍒 Room link: https://tryhackme.com/room/monitoring...

[Timestamps]

[00:00:00] Task 1: Introduction
[00:01:53] Task 2: S3 Attacks and Defenses
[00:27:25] Task 3: EC2 Internet Exposure
[00:43:18] Task 4: Risks of Public Databases
[00:57:20] Task 5: Detecting Cloud Discovery
[01:05:36] Task 6: Denial of Wallet Attacks
[01:08:17] Task 7: Conclusion

🚨 Room Tasks: 🚨

🐛 Task 1: Introduction
🌸 Task 2: S3 Attacks and Defenses
When did Alex disable the "S3 Public Access Block" feature?
What is the SID of the applied policy that made the bucket public?
Which IP address started the bucket scan soon after it was exposed?
How many filenames were attempted, and which file was exfiltrated?
🐈 Task 3: EC2 Internet Exposure
Which security group did Emma create, and which risky service did it expose?
Which EC2 instance ID was created shortly after and uses that security group?
According to the GuardDuty alert, which IP soon attacked the instance?
When did Emma revoke the insecure rule from the security group?
🥞 Task 4: Risks of Public Databases
What is the name (instance identifier) of the created RDS instance?
Which two events indicate the database is Internet-exposed? Provide the first part of their eventID in chronological order
🩷 Task 5: Detecting Cloud Discovery
What was the second Discovery command the adversary ran?
Which other IAM user did the adversary discover and backdoor?
🐍 Task 6: Denial of Wallet Attacks
What does the acronym DoW stand for?
Should you monitor DoW with the same effort as DoS? (Yea/Nay)
🔑 Task 7: Conclusion

⚠️ Educational Purpose Only
This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems.

#tryhackme #aws