Data Source: AWS Lambda | Detection.FYI

AWS Lambda Function Policy Updated to Allow Public Invocation

Jul 24, 2024 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS Lambda Use Case: Threat Detection Tactic: Persistence ·
Share on:

Identifies when an AWS Lambda function policy is updated to allow public invocation. This rule specifically looks for the AddPermission API call with the Principal set to * which allows any AWS account to invoke the Lambda function. Adversaries may abuse this permission to create a backdoor in the Lambda function that allows them to execute arbitrary code.

Read More
AWS Lambda Layer Added to Existing Function

Jul 24, 2024 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS Lambda Use Case: Threat Detection Tactic: Execution ·
Share on:

Identifies when an Lambda Layer is added to an existing Lambda function. AWS layers are a way to share code and data across multiple functions. By adding a layer to an existing function, an attacker can persist or execute code in the context of the function.

Read More