Serverless Infections - Malware Just Found a New Home

Explore the emerging threat of serverless infections in this eye-opening conference talk from BSidesLV 2018. Delve into the evolution of serverless computing, focusing on AWS Lambda and its security implications. Learn about the benefits and downsides of serverless architectures, and witness a live demonstration of code injection techniques targeting Lambda functions. Discover how malware can exploit serverless environments, including methods for persistence, cross-contamination, and privilege escalation. Gain key insights into protecting serverless infrastructures and understand the potential risks associated with this new frontier in cloud computing. Equip yourself with essential knowledge to safeguard against serverless-based attacks in this comprehensive 41-minute presentation by security expert Erez Yalon.

Introduction
Agenda
Serverless Evolution
The Magic
The Benefits
The Downsides
The Competitors
AWS Lambda
AWS Lambda Functions
Security
Lambda Security
Challenge Accepted
Playground
URL
Example
What is Code Injection
lambda test route
exfiltration
payload
hacker container
AWS Lambda Documentation
Update Lambda Functions
Clean House
Users
Persistent Infection
Reset Function
CrossContamination
Execution Roll
Full Access
Sample
VPC
Amazon VPC
Key takeaways
Questions