Detection Engineering for Cloud DDoS Against a Public-Sector Portal
Overview
What this challenge is about.
Receive sanitized logs from the 2 prior incidents (CloudFront, ALB, WAF) and the current AWS architecture. Design: 6 Sigma detection rules (mix L7 floods, slow-POST, low-rate distributed scrapers, JA3/JA4 anomaly), a tiered WAF policy (rate-based for IP, ASN-based for known-abusive networks, bot-control managed rule), and a Shield Advanced response runbook. Run a paper tabletop exercise with on-call engineers simulating an L7 flood during a policy launch. Deliver: detection design (14 pages), Sigma rule library, 10-page on-call runbook, and a tabletop exercise report.
The Brief
What you'll do, and what you'll demonstrate.
Build a layered detection-and-response stack for application-layer DDoS that survives a tabletop simulation of an announcement-day L7 flood.
Earning criteria — what you'll demonstrate
- Author Sigma rules for application-layer DDoS patterns
- Design tiered WAF policies that minimize false positives on citizens
- Coordinate Shield Advanced response with WAF and CloudFront
- Run a tabletop exercise that produces measurable on-call improvements
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Career mappings coming soon.