Gone in 60 Milliseconds Intrusion and Exfiltration in Server-less Architectures

Rich Jones

33 min

33 min 2016-12-28

2016-12-28 10669

10669 Fahrplan

Playlists: '33c3' videos starting here

More and more businesses are moving away from monolithic servers and turning to event-driven microservices powered by cloud function providers like AWS Lambda. So, how do we hack in to a server that only exists for 60 milliseconds?

This talk will show novel attack vectors using cloud event sources, exploitabilities in common server-less patterns and frameworks, abuse of undocumented features in AWS Lambda for persistent malware injection, identifying valuable targets for pilfering, and, of course, how to exfiltrate juicy data out of a secure Virtual Private Cloud.

Download

Related

Embed Share:







Tags