A Proof of Concept for an AWS Lambda malicious code generator tool

Abstract

Supply chain poisoning is a type of attack where malicious code is inserted into otherwise legitimate software, and with the rise of cloud solutions and services more threat surface is revealed for this attack. The purpose of this research was to investigate whether an automated solution for generating malicious code and exfiltrating sensitive data from an AWS Lambda function using said code automatically was possible within the timespan allocated to this research.