Maxwell Bruce

Exploring Malicious Lambda Layers

In this talk, we will unveil several critical vulnerabilities discovered within AWS Lambda's Layer plugin system that pose a significant security risk, potentially allowing attackers to conduct Man-In-The-Middle (MITM) attacks on Lambda functions using specially crafted layers, and even read and edit the memory of the Lambda function itself. By exploiting this flaw, attackers can manipulate the input and output of Lambda functions, enabling unauthorized access to sensitive information and compromising the integrity of serverless applications. Our presentation will detail the methodology used to identify and exploit this vulnerability, shedding light on the potential for creating malicious plugins that subvert the security of AWS Lambda environments.Transitioning from identifying the vulnerability, we will delve into strategies for its mitigation and explore security best practices to protect against such vulnerabilities. Additionally, we will examine how we repurposed these same techniques for enhancing security measures, particularly in the implementation of Web Application Firewalls (WAFs), to monitor and filter traffic to and from a Lambda function.

Starting from: $500

Unchain your mind at LambdaConf 2024

Buy tickets