Lambda Shell - A site to explore the security of AWS Lambda
Lambda Shell
A site to explore the security of AWS Lambda
Screenshots
Hunter's comment
Lambda Shell is a web appllication where you can test the security of AWS Lambda for the sake of exploring and improving the security of serverless web applications. The site gives you the ability to run linux commands via an exec that is run from a Lambda. The site is a challenge to see if anyone could take over a Lambda and pivot their way to full account take over
Link
Contributors
Hunter: @netscape101
This is posted on Steemhunt - A place where you can dig products and earn STEEM.
View on Steemhunt.com
Great hunt @netscape101! This hunt has been verified and approved by the Steemhunt Moderation Team. Great job! Happy hunting.
Please read our posting guidelines. If you have any questions, please join our Discord Group.
Thanks
Description on the site:"This is a simple AWS lambda function that does a straight exec. Essentially giving you a shell directly in my AWS infrastructure to just run your commands. A security teams worst nightmare.
Do whatever you want. Ultimate goal: take over the account, escalate privs or find some sensitive info.
Configured with all default permissions and settings. This service will sit for a bit and if nothing interesting happens it will be reconfigured very insecurely to see what happens.
$1,000 Bounty. Found something? Let me know at [email protected]"
You got a 11.58% upvote from @joeparys! Thank you for your support of our services. To continue your support, please follow and delegate Steem power to @joeparys for daily steem and steem dollar payouts!