Lambda Forensics & Incident Response

Jun 19, 2023

--

Welcome to the next episode of our Cloud Forensics training — this time on responding to compromises in AWS Lambda:

What logging is there of Lambda functions?

How CloudWatch structures logs

Lambda automatically streams details about each function invocation, along with logs and other output from your…

docs.aws.amazon.com

https://docs.aws.amazon.com/lambda/latest/operatorguide/parse-logs.html

Lambda Malware

Denonia Lambda Malware

Named “python”
DNS over HTTPs
Custom Monero server 116.203.4.0:3333
Run XMRig from memory
Writes config to hidden file at /tmp/.config.json

https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/

How do you Acquire a Lambda function in Cado?

How do you analyze Lambda in Cado?

https://www.cadosecurity.com/aws-lambda-incident-response/

Lambda in Cado

https://www.cadosecurity.com/aws-lambda-incident-response/

How do you use Lambda for Incident Response?

https://www.cadosecurity.com/automated-analysis-of-critical-cloud-infrastructure-with-cado-and-aws-lambda/

Cloud Forensics

Forensic Labs

Written by Forensic Labs

https://www.cadosecurity.com/

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams