Episode 58 — Harden serverless functions to block persistence, reinfection, and silent reuse
This episode explains hardening strategies for serverless functions with a focus on attacker goals that are easy to miss: persistence through configuration changes, reinfection through supply chain or deployment paths, and silent reuse of compromised identities or triggers. You’ll define persistence in serverless terms, including modified environment variables, altered triggers, injected dependencies, or deployment pipeline abuse that reintroduces malicious changes after cleanup. We’ll walk through a scenario where a function is cleaned up after suspicious activity, but the attacker retains access by modifying a trigger or redeploying through a compromised automation identity, and you’ll design controls that prevent recurrence. You’ll learn best practices such as restricting who can change function configuration, locking down deployment roles, limiting outbound access, using short-lived credentials where possible, and ensuring logs can correlate invocations to configuration states at the time of execution. The emphasis is on making serverless security durable against repeated attempts, which is both operationally realistic and exam-aligned.

Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.
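The log-correlation practice named in the description, applied to its cleanup scenario, as an added example that is not material from the episode: each invocation is matched to the configuration state in effect when it ran, and anything executed after cleanup under a change made outside the approved deployment role is flagged. The record fields, identities, timestamps and allow-list are constructed assumptions, not any provider's log schema.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed sample data; field names, identities and the allow-list are assumptions.
APPROVED_DEPLOYERS = {"role/ci-deploy"}
CONFIG_EVENTS = [  # configuration audit entries for one function, in any order
    {"time": "2024-05-01T09:00:00", "actor": "role/ci-deploy", "change": "code", "version": 7},
    {"time": "2024-05-02T14:00:00", "actor": "role/ci-deploy", "change": "cleanup-redeploy", "version": 8},
    {"time": "2024-05-02T14:20:00", "actor": "user/old-automation", "change": "trigger", "version": 9},
    {"time": "2024-05-02T15:00:00", "actor": "user/old-automation", "change": "env-vars", "version": 10},
]
INVOCATIONS = [
    {"time": "2024-05-02T13:59:00", "request_id": "r-1"},
    {"time": "2024-05-02T14:05:00", "request_id": "r-2"},
    {"time": "2024-05-02T14:30:00", "request_id": "r-3"},
    {"time": "2024-05-02T15:10:00", "request_id": "r-4"},
]

def _ts(value):
    return datetime.fromisoformat(value)

def correlate(invocations, config_events):
    """Attach to each invocation the config event in effect when it ran."""
    events = sorted(config_events, key=lambda e: _ts(e["time"]))
    times = [_ts(e["time"]) for e in events]
    rows = []
    for inv in invocations:
        i = bisect_right(times, _ts(inv["time"])) - 1  # latest change at or before the run
        rows.append({**inv, "config": events[i] if i >= 0 else None})
    return rows

def suspicious(invocations, config_events, cleanup_time, approved=APPROVED_DEPLOYERS):
    """Invocations after cleanup whose config state is unknown or was set
    by an identity outside the approved deployment roles."""
    flagged = []
    for row in correlate(invocations, config_events):
        if _ts(row["time"]) < _ts(cleanup_time):
            continue  # pre-cleanup activity belongs to the original incident
        cfg = row["config"]
        if cfg is None or cfg["actor"] not in approved:
            flagged.append((row["request_id"], cfg and cfg["version"], cfg and cfg["actor"]))
    return flagged

if __name__ == "__main__":
    for hit in suspicious(INVOCATIONS, CONFIG_EVENTS, "2024-05-02T14:00:00"):
        print(hit)
```

An invocation with no preceding configuration event is flagged rather than skipped, because a run that cannot be tied to a known configuration state is exactly the gap this correlation is meant to expose.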