This blog post discussed techniques implemented across the kill chain, from initial access to lateral movement to impact. One of the goals of FOR509 is to teach responders how to look into all these different aspects of cloud attacks, including investigating IAM logs, analyzing service-specific actions being taken, and understanding resource-level activity in logs.