Paweł Kusiński - Is persistence in serverless environments possible?! [OMH 2022]


Serverless computing is not only a popular option in cloud environments, but also a recommended way of building quite a few things! Did you ever think about how it works under the hood? Is serverless truly server-less? How does the execution environment work? Is persistence even possible in this event-driven compute service?

I won’t be lying - Remote Code Executions are rare, but what if there is one in your function? I will show how to use it to get persistence and exfiltrate more data than the function gives.

Let’s discover:
How the infrastructure in serverless works.
Why persistence is possible in this semi-volatile environment.
How to investigate a serverless environment using a pseudo shell over HTTP.
How we can make use of an RCE vulnerability to get persistence – an exploitation demo will be shown!
Possible mitigations.

Let’s hijack data in real time from AWS Lambdas and GCP Cloud Functions.

Oh My H@ck: https://omhconf.pl/