Checkmarx implemented the first RCE attack in a serverless environment that’s both stored and viral. They built a PoC to show how information extraction/exfiltration is done and demonstrated how the payload persists and can be injected into other non-vulnerable functions. Checkmarx then tested to see if the same would work on Azure and Google Cloud. This session will present their findings.
Learning Objectives: 1: Discover security challenges that come with working in a security environment. 2: Learn how data is infiltrated, infected and exfiltrated in serverless environments. 3: Understand how self-duplicating attacks can survive within code.