Is persistence on serverless even possible?! Pwning AWS Lambdas & GCP Cloud Functions
Serverless computing is not only a popular option in the cloud environments, but besides a suggested method for creating quite a few things! Did you even think about how it works under the hood? Is serverless truly server-less? How execution environment works? Is persistence even possible in this event-driven compute service? I won’t be lying - distant Code Executions are rare, but what if there is 1 in your function? I will show how to usage it to get persistency and exfiltrate more data than function function gives. Let’s discover: How the infrastructure in serverless works. Why persistence is possible in this semi-volatile environment. How to investigation serverless environment utilizing pseudo shell over HTTP. How can we make usage of an RCE vulnerability to get a persistence – exploitation demo will be shown! Possible mitigations. Let’s hijack the data real-time from the AWS Lambdas and GCP Cloud Functions!
Website: https://confidence-conference.org
Facebook: https://www.facebook.com/confidence.conference
Twitter: https://twitter.com/confidenceconf
![[#104] Wykorzystanie narzędzi BAS do wzmocnienia bezpieczeństwa - Piotr Kawa, Błażej Długopolski](https://i1.ytimg.com/vi/-wnYrwWZA38/maxresdefault.jpg)
![[#103] Jak regulacje determinują architekturę środowiska IT - Wojciech Wencel](https://i1.ytimg.com/vi/26Vr-y2G_xQ/maxresdefault.jpg)
