AWS under attack !


During this presentation, the speaker will walk you through an investigation of a realistic incident representative of the attacks currently observed on this type of environment (AWS).

Through this fictitious investigation, a review of the native security controls and their importance will be performed. Additional Open-Source tools, useful in the context of an investigation, will also be presented.

The following topics will be covered: network security, logging, automated response, intrusion detection, privilege abuse.

At the end of the presentation, the audience will be shown the importance of several controls and the difference between a hardened AWS environment and a “vanilla” environment.


Jeff Borr is a cloud security consultant, newly hired at Bloggist, a content publishing company whose platform is hosted on AWS.

While Jeff is still filling out his HR forms, his future manager walks into the room in a panic and tells him that their site has been hacked and they need him urgently.

Follow Jeff on a fictional investigation that will lead him to discover the security holes in their AWS account and the first actions he must take in a hurry to stop the attacker.

Presented by Cédric Thibault


About Cédric Thibault

Partner at KPMG and Senior Vice President of KPMG-Egyde, Cédric Thibault holds a Msc. in IT security, and has several certifications (CISSP, CCSK, AWS 6x, Terraform, GCSA) related to cybersecurity and the Cloud.

Passionate about security issues in cloud environments, Cédric is more particularly specialized on AWS and on the implementation of DevSecOps strategies.

His favorite phrase is : Never stop to learn!