Lambda Forensics & Incident Response

Forensic Labs
Jun 19, 2023


Welcome to the next episode of our Cloud Forensics training — this time on responding to compromises in AWS Lambda:

What logging is there of Lambda functions?

Lambda Malware

Denonia Lambda Malware

  • Named “python”
  • DNS over HTTPS
  • Custom Monero server
  • Runs XMRig from memory
  • Writes config to hidden file at /tmp/.config.json

How do you acquire a Lambda function in Cado?

How do you analyze Lambda in Cado?

Lambda in Cado

How do you use Lambda for Incident Response?