March 20, 2023, midnight

Datadog Security Labs securitylabs.datadoghq.com

CloudTrail is a crucial AWS service that provides a record of API calls and other important activities in AWS environments. Teams can use this information for auditing purposes and to identify potential security incidents. If an attacker who has gained a foothold in an environment can perform actions without CloudTrail logging them, they’ll be able to conceal their activities and become functionally invisible to the victim.


Bypassing CloudTrail for AWS services is an active field of research. In previous publications, …

