Abuse of AWS Lambda Function URLs (AuthType: NONE) for C2
DLL side-loading (specifically mscorsvc.dll via mscorsvw.exe)
Deployment of malicious Lambda functions using stolen IAM credentials
Exfiltration via legitimate cloud services (Google Drive, Dropbox)
HazyBeacon Windows backdoor deployment
Persistence through Windows service creation