SSH Attack Investigation with GuardDuty
March 06, 2025

Focused on using GuardDuty and Detective to analyze an SSH brute force attack on an EC2 instance, strengthening incident response skills.
Today's Focus: I returned to Pwned Labs today, tackling a real-world security challenge. Using Amazon Detective and GuardDuty, I investigated an SSH brute force attack targeting an EC2 instance.
This exercise emphasized the critical role of incident response and the importance of proactive security measures.
Key Takeaways:
Threat Investigation: Leveraged GuardDuty and Detective to trace the attack's origin and assess the scope of the breach.
Log Analysis: Analyzed SSH logs to confirm the brute force attack's success and understand the attacker's actions.
Remediation: Isolated affected resources, rotated credentials, and strengthened access controls to prevent similar incidents.
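The "Log Analysis" takeaway above is the step a responder can reproduce offline: GuardDuty raises the finding, but the instance's own sshd log is what confirms whether the brute force actually got in. The following script is an added example, not part of the original post or the Pwned Labs exercise. It parses constructed OpenSSH auth-log lines (syslog format, with RFC 5737 documentation addresses standing in for the real attacker and admin IPs), counts failed password attempts per source, flags sources over a threshold as brute force, and reports any source that was accepted after prior failures, which is the "success" signal the post refers to. The threshold value and the sample lines are assumptions for the demonstration.

```python
"""Triage sshd auth-log lines: flag brute-force sources and confirm whether any succeeded."""
import re
from collections import defaultdict

# Constructed sample log lines (not from the post). 203.0.113.45 plays the attacker,
# 198.51.100.7 plays a legitimate admin who logs in by key and later fat-fingers a password.
SAMPLE_AUTH_LOG = """\
Mar  6 10:01:02 ip-10-0-1-23 sshd[1201]: Failed password for invalid user admin from 203.0.113.45 port 51012 ssh2
Mar  6 10:01:03 ip-10-0-1-23 sshd[1203]: Failed password for invalid user test from 203.0.113.45 port 51014 ssh2
Mar  6 10:01:04 ip-10-0-1-23 sshd[1205]: Failed password for root from 203.0.113.45 port 51016 ssh2
Mar  6 10:01:05 ip-10-0-1-23 sshd[1207]: Failed password for root from 203.0.113.45 port 51018 ssh2
Mar  6 10:01:06 ip-10-0-1-23 sshd[1209]: Failed password for ubuntu from 203.0.113.45 port 51020 ssh2
Mar  6 10:01:09 ip-10-0-1-23 sshd[1211]: Accepted password for ubuntu from 203.0.113.45 port 51022 ssh2
Mar  6 10:15:30 ip-10-0-1-23 sshd[1300]: Accepted publickey for ubuntu from 198.51.100.7 port 40100 ssh2: ED25519 SHA256:PLACEHOLDER
Mar  6 10:20:11 ip-10-0-1-23 sshd[1310]: Failed password for ubuntu from 198.51.100.7 port 40102 ssh2
"""

# "invalid user" appears when the username does not exist on the host; both forms are failures.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"Accepted (?P<method>password|publickey) for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def analyze_ssh_log(text, threshold=5):
    """Return brute-force sources, plain successes, and successes that followed failures.

    threshold: number of failed password attempts from one IP that we treat as brute force
    (an assumed value for this example; tune it to the host's normal traffic).
    """
    failures = defaultdict(list)   # source ip -> usernames tried (in order)
    successes = defaultdict(list)  # source ip -> list of (user, auth method)
    success_after_failures = []    # (ip, user, method, failures seen before the success)

    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]].append(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            ip, user, method = m["ip"], m["user"], m["method"]
            successes[ip].append((user, method))
            # Only count failures that preceded this login; a success after a burst of
            # failures from the same source is the indicator that the brute force worked.
            n_prior = len(failures.get(ip, []))
            if n_prior > 0:
                success_after_failures.append((ip, user, method, n_prior))

    brute_force_sources = {
        ip: {"attempts": len(users), "distinct_users": sorted(set(users))}
        for ip, users in failures.items()
        if len(users) >= threshold
    }
    return {
        "brute_force_sources": brute_force_sources,
        "success_after_failures": success_after_failures,
        "successes": dict(successes),
    }


if __name__ == "__main__":
    report = analyze_ssh_log(SAMPLE_AUTH_LOG)
    for ip, info in report["brute_force_sources"].items():
        print(f"brute force from {ip}: {info['attempts']} failures, users {info['distinct_users']}")
    for ip, user, method, n in report["success_after_failures"]:
        print(f"CONFIRMED: {ip} logged in as {user} via {method} after {n} failures")
```

On the sample data the attacker source is flagged with five failures across four usernames and a confirmed password login as `ubuntu`; the admin's single failed password is below the threshold and the key-based login had no failures before it, so neither is reported. On a real instance the same logic runs over `/var/log/auth.log` or `journalctl -u ssh` output, and a confirmed entry is what justifies the isolation and credential rotation listed under "Remediation".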