Cloud Threat Hunting: Investigating Lateral Movement

Written by checkpoint | Published 2021/08/28
Tech Story Tags: cloud-security | cloud-computing | security | cybersecurity | lateral-movement | checkpoint | aws | good-company

TLDR: In the latest installment of the Cloud Threat Hunting: Attack and Investigation Series, we present the most involved attack flow yet. We break down all of the steps a threat actor took to successfully exfiltrate data out of an AWS account. This attack began with a compromised pair of AWS access keys. The actor learns that the AWS name for a Lambda function (the name for this function) is identical to the name in the victim’s account. Once they assume the role and move laterally, they will be able to execute those same commands. Abusing the function's code to be malicious and retrieving environment variables could break the functionality of the function and alert the victim to an attacker.

Published by HackerNoon on 2021/08/28