Announcing our latest course: AWS Lambda Security Labs
Earlier this year we launched some awesome AWS Lambda CTFs that have received great feedback. But unless you already have experience with finding Lambda vulnerabilities, they can be a bit intimidating. That’s why we’ve been working on a series of AWS Lambda security Hands-On Labs that go from launching your first Lambda function all the way to finding the nastiest types of vulnerabilities—all within realistic environments.
After all, the feedback we keep getting from the community is simple: You want real environments, actual vulnerabilities, and the kind of practical experience that translates directly to finding issues in production.
That’s exactly what we’ve built with our latest course: AWS Lambda Security Labs.
Following the approach we took with one of our most popular courses, “AWS IAM Privilege Escalation Labs,” this new course is entirely made up of Hands-On Labs. You won’t find a single slideshow because you’ll be too busy in the AWS CLI and Console exploiting real Lambda vulnerabilities. This is our most hands-on serverless security course yet.
Let’s break it down and take a closer look!
Why you need to learn about AWS Lambda Security
Serverless functions are everywhere now. They’re handling sensitive data, connecting to databases, processing user input, and interacting with other AWS services. But here’s the problem: many teams assume serverless means “more secure by default” since they’re not managing the underlying infrastructure.
That’s a dangerous misconception.
Lambda functions create an attack surface that combines application security risks with cloud-specific vulnerabilities. You’re not just dealing with a standard web app, and you’re also not just dealing with a cloud resource. It’s a mixture of the two.
That’s what we aim to address with this course and these Hands-On Labs.
What makes this course different
Every single lesson is a hands-on lab that builds on the previous one. We start with the absolute basics, launching your first Lambda function and understanding how it works, then progressively guide you through increasingly sophisticated attack scenarios.

You’ll begin with fundamental Lambda enumeration techniques, then move through realistic exploitation labs including local file inclusion attacks against Secrets Manager, server-side template injection for environment variable extraction, SSRF attacks targeting S3 buckets, and command injection leading to DynamoDB compromise.

By the final labs, you’ll be tackling advanced scenarios that mirror real-world Lambda security assessments. Most training platforms can’t offer this kind of structured, progressive hands-on Lambda security training because creating safe, isolated serverless environments at this scale is complex and risky. This is exactly what we specialize in.

What you’ll do
By the time you finish this course, you’ll know how to:
- Enumerate and perform reconnaissance on Lambda functions using specialized techniques and tools
- Identify serverless misconfigurations that lead to real security vulnerabilities
- Exploit Lambda-specific attack vectors including LFI, SSTI, SSRF, and command injection in serverless contexts
- Access sensitive AWS resources through compromised Lambda functions
- Use CloudFox and other specialized tools for Lambda security testing
- Escalate privileges from Lambda function compromise to broader AWS environment access


Who this is for
We built this for security practitioners who need real skills they can use immediately:
- Cloud penetration testers who need to understand serverless attack vectors
- Security researchers exploring serverless vulnerabilities
- Serverless security engineers responsible for securing Lambda deployments
- Cloud architects and engineers who want to understand Lambda security from an attacker’s perspective
- DevSecOps teams implementing security testing for serverless applications
Both red teamers and blue teamers will gain practical skills they can apply directly on the job to find vulnerabilities and demonstrate real-world impact.
What you need before starting
This course starts at beginner level and progresses to intermediate techniques, so you don’t need to be a Lambda expert. You should have:
- AWS CLI installed and basic familiarity with AWS services
- Some experience with common web vulnerabilities (LFI, SSTI, SSRF, command injection) – helpful for the later challenges (if you need to brush up on your web app pentesting, we have multiple courses on the subject)
- If you’re completely new to AWS, start with our Introduction to AWS Security course first