Webinar on Demand

Investigating a Cloud Attack With Cado Community Edition

Cado Security recently released a free community edition along with a Capture the Flag (CTF) challenge for the purpose of educating incident responders on how to investigate attacks on cloud-based systems. In this webinar, Cado Security walks through the Capture the Flag (CTF) challenge and determines how the AWS system was compromised using the Cado Community Edition. 


Watch on demand to learn: 

  • How to leverage key features in the Cado Community Edition to speed up investigation and response
  • How bad actors are compromising cloud assets such as AWS EC2s
  • How to analyze various data sources including AWS GuardDuty logs and full volume captures

Watch On Demand

Webinar Speakers

Paul Stamp - Headshot

Paul Stamp

VP of Products
Jordan Bowen - Headshot

Jordan Bowen

Director of Product Marketing

Want to flex your skills?

See if you can solve the CTF challenge using the Cado Community Edition before the webinar.
Step 1:
Step 2:
In the 'help' section of the platform, click “Import CTF data”
Step 3:
Answer the challenge questions

Challenge Questions

1.   A plugin on which locally installed application was used to install a backdoor?

2.   What tool did the attacker use to upload files onto the system?

3.   What URL did the attacker use as a command and control site (note: you can access this site safely)?

4.   What was the name of the file the attacker downloaded and decompressed containing the payload (note: we deleted this actual file from the CTF data for security reasons)?

5.   What was the ID of the wallet the cryptomining spoils went to?

Background: AWS GuardDuty raised a notification that an instance in the AWS account was accessing a known BitCoin mining address. The CTF data imported is the AWS GuardDuty logs, plus a disk image of the instance in question. The original image file was over 8GB in size, but for the purposes of this capture the flag, we reduced it down to around 30MB.