In addition to being a common option in cloud environments, serverless computing is also a suggested method for creating plenty of things! Did you ever consider its mechanics? Is serverless truly server-less? How does the execution environment function? In this event-driven compute service, is persistency even conceivable? I will not lie – Remote Code Executions and Command Injections are uncommon, but what if one occurs in your function? Additionally, it may be brought in by an attacker through dependency injection. I will demonstrate how to use it to obtain persistency and exfiltrate more data than the function role gives. Let us figure out: - How serverless infrastructure functions. - Why persistency is possible in this semi-volatile environment. - How to use pseudo shell over HTTP for serverless environment research. - An exploitation demo – how can we make use of an RCE vulnerability to obtain a persistency. - Possible mitigations. Let us hijack the data real-time from the AWS Lambdas and GCP Cloud Functions! Presented at: Confidence 2022, AlligatorCon 2022, Secops Polska Meetup #32, DevSecCon Poland 2022, AWS Community Day Warsaw 2022.