Serverless computing is not only a popular option in the cloud environments, but besides a suggested method for creating quite a few things! Did you even think about how it works under the hood? Is serverless truly server-less? How execution environment works? Is persistence even possible in this event-driven compute service?
I won’t be lying - distant Code Executions are rare, but what if there is 1 in your function? I will show how to usage it to get persistency and exfiltrate more data than function function gives.
Let’s discover:
How the infrastructure in serverless works.
Why persistence is possible in this semi-volatile environment.
How to investigation serverless environment utilizing pseudo shell over HTTP.
How can we make usage of an RCE vulnerability to get a persistence – exploitation demo will be shown!
Possible mitigations.
Let’s hijack the data real-time from the AWS Lambdas and GCP Cloud Functions
Oh My H@ck: https://omhconf.pl/
![[#104] Wykorzystanie narzędzi BAS do wzmocnienia bezpieczeństwa - Piotr Kawa, Błażej Długopolski](https://i1.ytimg.com/vi/-wnYrwWZA38/maxresdefault.jpg)
![[#103] Jak regulacje determinują architekturę środowiska IT - Wojciech Wencel](https://i1.ytimg.com/vi/26Vr-y2G_xQ/maxresdefault.jpg)
