Exploring Malicious Lambda Layers By Elijah Lord and Maxwell Bruce

LambdaConf 152 views 9 months ago

Exploring Malicious Lambda Layers By Elijah Lord and Maxwell Bruce at #LambdaConf2024.

Get your ticket for #LambdaConf2025 here: https://www.eventbrite.com/e/lambdaconf-2025-tickets-903567092497

In this talk, we will unveil several critical vulnerabilities discovered within AWS Lambda's Layer plugin system. They pose a significant security risk: a specially crafted layer can be used to conduct Man-in-the-Middle (MITM) attacks on the Lambda function that loads it, and even to read and edit the memory of the Lambda function itself. By exploiting these flaws, attackers can manipulate the input and output of Lambda functions, gaining unauthorized access to sensitive information and compromising the integrity of serverless applications. Our presentation will detail the methodology used to identify and exploit these vulnerabilities, shedding light on how malicious plugins can subvert the security of AWS Lambda environments. After identifying the vulnerabilities, we will turn to strategies for mitigating them and to security best practices that protect against this class of issue. Finally, we will examine how we repurposed the same techniques to strengthen security, in particular to implement Web Application Firewalls (WAFs) that monitor and filter traffic to and from a Lambda function.
