Invoke
Event
Invokes a Lambda function synchronously or asynchronously, triggering its execution with an optional input payload.
Security Context
- Serverless function invocation can be abused to execute arbitrary code within the cloud environment without provisioning persistent infrastructure.
Log Source
CloudTrail
Sample Event
MITRE ATT&CK Mapping
Tactics: Execution
Techniques:
- T1648 — Serverless Execution — Adversaries may abuse serverless computing, integration, and automation services to execute arbitrary code in cloud environments. Many cloud providers offer a variety of serverless resources, including compute engines, application integration services, and web servers.
- T1059 — Command and Scripting Interpreter — Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms.
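A detection sketch for the Invoke event described above, added here as an example and not part of the original entry: it flags the first time a principal invokes a given function after a baseline window, including denied attempts. It assumes the trail is recording Lambda Invoke events; the sample records, account ID, ARNs, IPs and the function names `invoke_events` and `first_seen_invocations` are constructed for illustration.

```python
# Constructed sample data, not real logs: account ID, ARNs and IPs are made up.
FN = "arn:aws:lambda:us-east-1:111122223333:function:"
ROLE = "arn:aws:sts::111122223333:assumed-role/app-role/worker"
USER = "arn:aws:iam::111122223333:user/dev-alice"

def _rec(time, arn, fn, ip, error=None):
    """Build one CloudTrail-style Invoke record with only the fields used here."""
    rec = {"eventTime": time, "eventSource": "lambda.amazonaws.com",
           "eventName": "Invoke", "sourceIPAddress": ip,
           "userIdentity": {"arn": arn},
           "requestParameters": {"functionName": FN + fn}}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_EVENTS = [
    _rec("2024-05-01T09:00:00Z", ROLE, "order-processor", "198.51.100.10"),
    _rec("2024-05-01T09:05:00Z", ROLE, "order-processor", "198.51.100.10"),
    {"eventTime": "2024-05-02T02:10:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"arn": USER}},
    _rec("2024-05-02T02:14:00Z", USER, "order-processor", "203.0.113.50"),
    _rec("2024-05-02T02:15:00Z", USER, "order-processor", "203.0.113.50"),
    _rec("2024-05-02T03:00:00Z", ROLE, "billing-export", "198.51.100.10", "AccessDenied"),
]

def invoke_events(records):
    """Yield a flat dict for every Lambda Invoke record, skipping everything else."""
    for r in records:
        if (r.get("eventSource"), r.get("eventName")) != ("lambda.amazonaws.com", "Invoke"):
            continue
        yield {"time": r["eventTime"],
               "caller": r.get("userIdentity", {}).get("arn", "unknown"),
               "function": (r.get("requestParameters") or {}).get("functionName", "unknown"),
               "source_ip": r.get("sourceIPAddress"),
               "error": r.get("errorCode")}

def first_seen_invocations(records, baseline_until):
    """Return Invoke events after baseline_until whose (caller, function) pair is new.

    Timestamps are same-format UTC ISO 8601 strings, so string comparison orders them.
    """
    seen, alerts = set(), []
    for ev in sorted(invoke_events(records), key=lambda e: e["time"]):
        pair = (ev["caller"], ev["function"])
        if ev["time"] > baseline_until and pair not in seen:
            alerts.append(ev)
        seen.add(pair)
    return alerts

if __name__ == "__main__":
    for a in first_seen_invocations(SAMPLE_EVENTS, "2024-05-01T23:59:59Z"):
        print(a["time"], a["caller"], "->", a["function"], a["error"] or "ok")
```

Repeat invocations by an already-seen pair are suppressed, so the output stays focused on new caller/function relationships.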