Welcome to my AWS Cloud Cybersecurity Home Lab repository! This lab is designed to enhance my skills and knowledge in cloud-based cybersecurity, focusing on various AWS services and tools. The lab includes honeypot deployment, network traffic monitoring, and threat detection and analysis.

• Objective: Deploy and configure a T-Pot honeypot for intrusion detection.
• Setup:
  • Deployed on an EC2 instance.
  • Configured network segmentation with subnets and security groups.
• Outcome: Successfully attracted and logged malicious activities.

• Objective: Monitor network traffic using VPC flow logs.
• Setup:
  • Configured VPC flow logs to feed data to CloudWatch.
  • Set up dashboards and alarms for real-time monitoring.
• Outcome: Achieved comprehensive network visibility and proactive monitoring.

• Objective: Enhance threat detection and incident analysis.
• Setup:
  • Enabled Guard Duty for continuous monitoring.
  • Used Detective for in-depth analysis of security findings.
• Outcome: Strengthened threat detection and response capabilities.

• EC2: Hosting T-Pot honeypot instance.
• Security Hub: Centralized view of security alerts and compliance status.
• CloudWatch: Monitoring and logging of VPC flow logs and other metrics.
• IAM: Identity and Access Management for securing AWS resources. Idenities managed for users and service inegrations
• CloudTrail: Logging of AWS API calls for auditing and compliance to ensure secure access control between services.
• S3: Storage for logs and other data.
• Billing and Cost Management: Monitoring AWS usage and expenses.
• IAM Identity Center: Centralized identity management.
• Guard Duty: Threat detection and monitoring of T-Pot instance for malicious activity.
• Detective: Detailed analysis and investigation of potential security issues to aid with threat hunting.