Author: Paweł Kusiński
In addition to being a common option in cloud environments, serverless computing is also a suggested method for creating plenty of things! Did you ever consider its mechanics? Is serverless truly server-less? How does the execution environment function? In this event-driven compute service, is persistency even conceivable?
I will not lie – Remote Code Executions and Command Injections are uncommon, but what if one occurs in your function? Additionally, it may be brought in by an attacker through dependency injection. I will demonstrate how to use it to obtain persistency and exfiltrate more data than the function role gives.
Let us figure out:
- How serverless infrastructure functions.
- Why persistency is possible in this semi-volatile environment.
- How to use pseudo shell over HTTP for serverless environment research.
- An exploitation demo – how can we make use of an RCE vulnerability to obtain a persistency.
- Possible mitigations.
Let us hijack the data real-time from the AWS Lambdas and GCP Cloud Functions!
Presented at: Confidence 2022, AlligatorCon 2022, Secops Polska Meetup #32, DevSecCon Poland 2022, AWS Community Day Warsaw 2022.