Serverless Infections: Malware Just Found a New Home

Closed captioning will be available in English and Japanese for all keynotes and RSAC track sessions.
Please note: All times are in SGT.

Checkmarx implemented the first RCE attack in a serverless environment that’s both stored and viral. They built a PoC to show how information extraction/exfiltration is done and demonstrated how the payload persists and can be injected into other non-vulnerable functions. Checkmarx then tested to see if the same would work on Azure and Google Cloud. This session will present their findings.

Learning Objectives:
1: Discover security challenges that come with working in a security environment.
2: Learn how data is infiltrated, infected and exfiltrated in serverless environments.
3: Understand how self-duplicating attacks can survive within code.

Download pdf