Skip to content

Commit

Permalink
Update aws_lambda_function_url.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
nasbench committed Dec 19, 2024
1 parent 0c73a5b commit e073854
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions rules/cloud/aws/cloudtrail/aws_lambda_function_url.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@ title: AWS Created Malicious Lambda Function URL Configuration
id: ec541962-c05a-4420-b9ea-84de072d18f4
status: experimental
description: |
Detects when a user creates a Lambda function URL configuration, which could be used to expose the function to the internet and potentially allow unauthorized access to the function's IAM role for AWS API calls.
This could give an adversary access to the privileges associated with the Lambda service role that is attached to that function.
Detects when a user creates a Lambda function URL configuration, which could be used to expose the function to the internet and potentially allow unauthorized access to the function's IAM role for AWS API calls.
This could give an adversary access to the privileges associated with the Lambda service role that is attached to that function.
references:
- https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunctionUrlConfig.html
- https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-privilege-escalation/aws-lambda-privesc
- https://www.wiz.io/blog/how-to-set-secure-defaults-on-aws
author: Ivan Saakov
date: 2024-09-20
date: 2024-12-19
tags:
- attack.initial-access
- attack.privilege-escalation
Expand Down

0 comments on commit e073854

Please sign in to comment.