Lambda Function URLs in AWS: What Pentesters Need to Know скачать в хорошем качестве

Lambda Function URLs in AWS: What Pentesters Need to Know

📌 Serverless doesn’t mean secure. In this video, I take a hands-on look at AWS Lambda Function URLs and how small configuration decisions can expose real attack paths in cloud environments. Using the CloudFoxable challenges Furls 1 and Furls 2, I demonstrate how publicly accessible Lambda Function URLs can be discovered during an assumed breach scenario, why they’re difficult to enumerate from pure black-box testing, and how they’re abused in practice. We walk through manual enumeration with the AWS CLI and then compare it with automated discovery using CloudFox, highlighting common misconfigurations such as publicly exposed Function URLs and sensitive data stored in Lambda environment variables. ⏱️ Timestamps 00:00 - Intro 00:57 - AWS Lambda and Lambda Function URLs explained 01:56 - Enumeration cases 03:15 - CloudFoxable 03:48 - Furls1 (manual) 06:39 - Furls1 (automation - cloudfox) 08:28 - Furls2 (manual) 11:27 - Furls2 (automation - cloudfox) 12:15 - Conclusions and outro 🔗 Links & socials LinkedIn:   / katerina-shevchenko01   Twitter / X: https://x.com/m0rn1ngstr _________________________________________ ⚠️ Disclaimer This video is for educational and ethical security testing purposes only. The views expressed are my own and do not represent the views of my employer or any organization I’m affiliated with.