Research on Serverless and Dys-FUNctional Cloud Red Teaming presented at SaintCon in Utah on October 27th 2020.
Serverless compute technologies (e.g. AWS Lambda, Azure Functions, GCP Cloud Functions, etc.) enable the rapid development of applications and APIs which can scale to epic proportions at minimal cost. In this session, we will cover how to quickly develop serverless applications (e.g. AWS SAM) for the purposes of significantly improving and automating typical Red Teaming operations, including:
- Discovering semi-sensitive information (e.g. AWS Account IDs) by analyzing responses from various Cloud services.
- Elegantly redirecting a Red Team’s Command & Control (C2) through Cloud services (e.g. AWS API Gateway & Lambda, Azure Functions, etc.) to camouflage C2.
- Disrupting Logging Services (e.g. AWS CloudTrail) with Serverless applications (e.g. Lambda) to remain undetected within compromised AWS environments.