Lambda Forensics & Incident Response
Jun 19, 2023
Welcome to the next episode of our Cloud Forensics training — this time on responding to compromises in AWS Lambda:
What logging is there of Lambda functions?
https://docs.aws.amazon.com/lambda/latest/operatorguide/parse-logs.html
Lambda Malware
Denonia Lambda Malware
- Named “python”
- DNS over HTTPS
- Custom Monero server 116.203.4.0:3333
- Runs XMRig from memory
- Writes config to hidden file at /tmp/.config.json
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
How do you Acquire a Lambda function in Cado?
How do you analyze Lambda in Cado?
https://www.cadosecurity.com/aws-lambda-incident-response/
Lambda in Cado
https://www.cadosecurity.com/aws-lambda-incident-response/
How do you use Lambda for Incident Response?