A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


The FaaS and the Curious - AWS Lambda Threat Modeling - Bryan McAninch (Circle City Con 2018 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

The FaaS and the Curious - AWS Lambda Threat Modeling
Bryan McAninch

Circle City Con 2018

Function as a Service (FaaS) platforms facilitate application deployment and event-driven execution with minimal cloud infrastructure and operational overhead. Consequently, the FaaS market is forecasted to grow 33% with an estimated valuation of $7.75B USD by 2021. However, every benefit has a cost and FaaS is no exception. Despite Amazon's diligent efforts to secure their Lambda FaaS platform, its intended ability to access a variety of resources and services can be abused for unintended results. This presentation explores the attack surface of the AWS Lambda FaaS platform and how it can be surreptitiously used to circumvent security controls. Specifically, it will demonstrate how to hijack and impersonate Lambda functions, gain persistent remote access to the AWS cloud environment, and reverse engineer the Lambda runtime environment itself.

Bryan McAninch is an information security professional with over twenty years experience in various disciplines including digital forensics, penetration testing, and security architecture. His current area of research has been focused on the security implications of cloud and container technologies. He holds a Bachelor of Science in Business Administration from the University of Texas at Dallas and a Master of Science in Information Assurance from the University of Dallas. Bryan is passionate about information security and giving back to the community. He is an organizer of the North Texas Cyber Security Group, member of the Dallas Hackers Association, and owner of Prevade Cybersecurity.

Back to Circle City Con 2018 Videos list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast