Hands-On Labs Added March & April 2025: AWS Blue Teaming
We added two new Hands-On Labs to Cybr’s growing labs catalog, both of which focus on AWS security blue teaming activities. Let’s check them out!
Securing S3 Against Ransomware with YES3

Learn how to identify and remediate common S3 security misconfigurations that can lead to S3 ransomware vulnerability (and other issues) using Fog Security’s YES3 Scanner tool. Explore a pre-configured AWS S3 bucket with intentional security misconfigurations, run security scans to detect issues like disabled public access blocks, inadequate encryption, disabled versioning, and missing logging configurations. Then, implement security best practices by enabling versioning, turning on block public access, and removing public bucket policies. By the end of the lab, you will understand how to assess S3 security posture, address vulnerabilities that could lead to unauthorized access or ransomware attacks, and verify their remediation efforts through follow-up scans.
Policy as Code with CloudFormation Guard

Learn how to implement policy-as-code using AWS CloudFormation Guard – an open-source tool that helps validate infrastructure templates against organizational policies. You’ll install Guard, create a simple CloudFormation template defining an S3 bucket, and write Guard rules to enforce security standards like proper bucket naming conventions and versioning requirements. You’ll then run Guard and see how it identifies non-compliant resources. You’ll then correct the policy violations and verify compliance – demonstrating how policy-as-code can help catch configuration mistakes before deployment and ensure your infrastructure follows corporate governance standards.
Responses