- Course
Specialized Hunts: Threat Hunting within Cloud Functions and Microservices
Learn how attackers exploit AWS Lambda and microservices. This course shows you how to detect, investigate, and correlate real-world TTPs using CLI techniques and ELK visualizations.
This course is included in the libraries shown below:
- Security
What you'll learn
Serverless and microservice architectures reduce operational overhead but also introduce new, often misunderstood, attack surfaces. From unauthorized code tampering to privilege escalation and credential harvesting, modern adversaries increasingly target cloud functions as an entry point into enterprise environments. In this course, Specialized Hunts: Threat Hunting within Cloud Functions and Microservices, you’ll learn how to proactively identify and investigate these threats using real-world logs, CLI tools, and SIEM visualizations. First, you’ll uncover unauthorized code changes and suspicious outbound activity from compromised Lambda functions by analyzing CloudTrail and VPC Flow Logs. Next, you’ll detect privilege escalation attempts by spotting abnormal IAM API usage from serverless workloads. Then, you’ll hunt for credential theft by correlating Secrets Manager access with network and function-level telemetry. Finally, you’ll identify fuzzing, injection attempts, and error-driven attacks by analyzing Lambda failure patterns and correlating them with upstream event-source anomalies. By the end of the course, you’ll be able to hunt, detect, and understand adversary activity targeting modern cloud-native workloads, equipping you to defend enterprise serverless environments with confidence.