Attacking and Defending Serverless

Serverless technologies are popular when designing infrastructure. Work with various AWS components to understand how they can be exploited.

Serverless functions heavily utilise event-driven architecture for various use cases, including data processing and dealing with change of state from adjacent applications or services. Gets hands-on with Lambda, step functions and more to exploit these services in real-world scenarios.

AWS Lambda

Learn the security aspects of Amazon's serverless service

Lambda - Data Exfiltration

Try your hand and compromising Lambda functions to access secret data.

AWS API Gateway

An overview of security features and common attacks for the AWS API Gateway service.

Need to know

Attacking and Defending Core Services

Explore security misconfiguration on commonly used AWS services, including EC2, S3, VPC and more

Next steps

IAM Privilege Escalation

Put your understanding of IAM to practice by covering key concepts required to enumerate, exploit and persist across IAM.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).