Crypto Hacks
Quit Your Job and Become a (Crypto) Farmer
Greg Foss
Distributed Consensus - August 3rd - 4th, 2018
Greg Foss
Head of Threat Research and Global Security Operations
OSCP, GMON, GAWN, GWAPT, GPEN, GCIH, CEH
Many of these topics are ‘probably’
illegal and this talk isn’t about get rich
quick schemes or scams - don’t do any
of these things without authorization
Disclaimer
Mining
Mining Calculators
[Chart: Mining Difficulty Over Time - 2018, Bitcoin and Ethereum, January to July]
Most mining calculators don’t take this into account…
[Chart: Bitcoin Mining Difficulty - Past Two Years, July '16 to July '18]
“Long Term Gainz” - “HODL” - “LAMBOS!”
Building a Rig
PRO / CON - Building a Rig
PRO
• Fun to build and looks awesome!
• You own the hardware and can use it for other tasks - like password cracking
• Freedom over the coins that you can mine
• Residual income over time
• Not dependent on any third party
• Profit not contingent on current coin value
• Contributing to maintaining the network

CON
• Significant upfront cost
• Time investment and ongoing maintenance
• Potentially a very long time to ROI
• Energy costs and unnecessary heat
• More profitable to buy the coin given current cost
• TAXES
  • Tax on coins, as they are mined
  • Capital gains tax when trading for Fiat
The Cloud…
Traditional Cloud Mining Services
Ideal for Nodes - Not Mining
Adventures Mining on Google Cloud
Game on…
Modified XMRig Binary
DNS Server
TCP Tunnel
Mine at 30% GPU Profit
Create Account (×4)
Profit
PowerShell
Prepaid Credit Cards
Seriously — don’t mess with Google
Web Development
In-browser Miners
Easy to spot and block
Included on most threat lists…
Bypass (some) Block Lists
Primary DNS Server
Unsuspecting User
notcoinhive.biz (Proxy)
Coinhive / CoinImp / etc.
something.com
something.com = 127.0.0.1
notcoinhive.biz
Less intrusive and more profitable ways…
The Home (or office) Network…
Users
something.com
Router
PiHole Server
Advertising Servers
Coinhive / CoinImp / etc.
DNS Request

Users
Everything Else
something.com
Router
PiHole Server
Advertising Servers
Coinhive / CoinImp / etc.
DNS Request
Cryptodust Collection
Mobile Faucets
Many variations
Mostly popular coins
Micro transactions
Time Delay
CAPTCHA
bbbboooooo….
It worked!
Until it didn’t…
Web Faucets
CAPTCHA
again? c’mon!
Trading and Signal Groups
Pump
Dump
Pump
Dump
https://crypto-coin.website/pump-dump-cryptocurrency/
Who really wins?
Auto-Trading?
Python
Twitter API
Trending Crypto $Tags
Google Cloud Natural Language API
Emotions

Python
Twitter API
Trending Crypto $Tags
Google Cloud Natural Language API
Emotions
Graphing and Trend Analytics
Binance
Shapeshift
We’ve only just scratched the surface…
• Smart Contract Attacks
• Honeypot Wallets
• Miner / Mobile App Reversing
• Seed Busting
• Private Key Collisions (LBC)
• Headless browser-based mining via PowerShell
• Wallet Hijacking
• And much more…
Thank you!
greg . foss [at] logrhythm . com
@heinzarelli
https://cryptohacks.io