Lambda Takeover: Part 1
This is a proof of concept showing how weak security controls around Lambda functions can potentially lead to total compromise. This PoC assumes that the reader understands what Lambda is, how it functions, and why organizations integrate it into their infrastructure.
If you need a crash course on what Lambda is, AWS has plenty of documentation on it. I suggest you start here: https://docs.aws.amazon.com/lambda/latest/dg/welcome.html
With that being said, let’s go ahead and get to the good stuff.
The Setup
Before we get started, we need to have a couple of things in order. First, we need to have Kali Linux hosted on an EC2 instance. If you don’t know how to do that, check out my article on how to deploy Kali Linux in AWS.
We will also need to have a bare-bones Lambda function created. Check out the following document to help you with that.