Threat Hunting

Cloud Trail Pattern Hunt

Hunt through normalized cloud activity logs for privilege drift and risky automation tokens without touching a real cloud tenant.

Duration: 20 hours over 3 weeks
Format: Hybrid
Tuition (informational): ₩610,000

Tuition is informational on this static site. Operational agreements happen offline with your procurement team.

Inside the lab

You work with curated slices that resemble identity and automation trails. Exercises emphasize pattern naming, safe querying habits, and writing short hunt outcomes suitable for engineering partners.

What you practice

  • Curated identity and automation scenarios
  • Query sketchpad with syntax hints
  • Partner-safe wording guide for engineering tickets
  • Office hours with a cloud cost ops guest segment on noisy telemetry

Outcomes

  • Draft three hunt queries with stated assumptions
  • Spot privilege drift signals in synthetic trails
  • Open an engineering-ready ticket with evidence excerpts

Jiwon Choi

Technical instructor specializing in cloud identity narratives for blue teams.

FAQ

AWS only?

Most slices feel multi-cloud; one module is AWS-shaped, another is vendor-neutral identity concepts.

Cloud accounts needed?

No personal cloud account required.

What is out of scope?

We do not teach cloud architecture certification breadth; this stays hunt-shaped.

Experience notes

“The automation token storyline mirrored a weird ticket we saw last quarter. The partner-safe wording guide saved me a rewrite.”
Marcus L. · SOC analyst · Enterprise client retail · 5/5
“Dense but fair. Week two could use one more short recap video.”
Priya · 4/5