Enfilade: A Tool to Detect Infections in MongoDB Instances
About Tool
Disclaimer
https://github.com/adityaks/strafer
The tool presented in this talk is shared as research with the security
community, to strengthen intelligence efforts for enhancing the
security of critical services on the Internet.
Note: Due to the COVID-19 Delta variant challenge and travel restrictions, we were
not able to present in person at the BlackHat USA Arsenal 2021.
Development
This is the first release of the tool, and we expect to add more modules in the near future. This
work is done in collaboration with the Research Team at the Office of the CTO, F5
(https://www.f5.com/company/octo).
BlackHat Arsenal USA 2021
Enfilade Project Team
https://github.com/adityaks/strafer
• Dr. Aditya K Sood
o Security Practitioner and Researcher
o Working in the security field for more than 13 years
o Regular speaker at industry leading security conferences
o Author of “Targeted Cyber Attacks” and “Empirical Cloud Security” Books
o W: https://www.adityaksood.com
o T: @adityaksood
o LinkedIn: https://www.linkedin.com/adityaks
• Rohit Bansal
o Principal Researcher, SecNiche Security Labs
o https://secniche.org/
MongoDB Threats Research and Intelligence Collection
MongoDB Threats Research and Tool Development
MongoDB threats and attacks landscape
• Enfilade: A tool to detect potential infections in MongoDB instances
• In this version of the tool, the following modules are supported:
o MongoDB instances information gathering and reconnaissance (inline)
o MongoDB instances exposure on the Internet (authentication checks)
o MongoDB instances admin privileges assessment
o Detecting potential ransomware infections in the MongoDB instances
    o Basic
    o Intrusive
o Detecting potential botnet infections such as the MEOW botnet
    o Basic
    o Intrusive
Introducing Enfilade
Detecting unauthenticated MongoDB instances
Privilege abuse: admin access (user creation)
Detecting Ransomware Infections (Basic)
Detecting Ransomware Infections (Intrusive)
Detecting MEOW Botnet Infections (Basic)
Detecting MEOW Botnet Infections (Intrusive)
Enfilade Tool: Demo
Enfilade Tool: Download
https://github.com/adityaks/enfilade
Questions and Queries
