If you are using AWS CloudTrail Lake, take advantage of the new ability to delegate the administration of CloudTrail to a different account from the Organization management (root) account.
Added GTFOBins detection for legitimate Amazon Linux filenames, full paths, and SHA256 hashes that allow living off the land to bypass host security. #aws #dfir
Amazon Linux Triage for Anyone and Everyone helps identify directories, filenames, paths, and SHA256 hashes expected as part of the operating system. #AWS #DFIR
https://t.co/RurrKcUoaL