SlideShare a Scribd company logo

Detecting Ransomware/Bot Infections in Elasticsearch

Aditya K Sood, profile picture
Aditya K Sood

Strafer is a tool created by Dr. Aditya K Sood and Rohit Bansal to detect potential infections in Elasticsearch instances. It gathers instance information, checks for exposure online and authentication, and detects infections like ransomware, botnets, and honeypots. The open source tool is available on GitHub and aims to strengthen security efforts by sharing research with the community.

Technology
Related topics:
Information Security
1 of 13
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
Strafer: A Tool to Detect Infections in Elasticsearch Instances
About Tool Disclaimer https://github.com/adityaks/strafer Tool presented in this talk is for sharing research with security community to strengthen the intelligence efforts for enhancing the security of critical services on the internet. This talk does not relate to any of our previous or present employers.
About Tool Strafer Project Team https://github.com/adityaks/strafer • Dr. Aditya K Sood o Security Practitioner and Researcher o Working in the security field for more than 13 years o Regular speaker at industry leading security conferences o Author of “Targeted Cyber Attacks” Book o W: https://www.adityaksood.com o T: @adityaksood o LinkedIn: https://www.linkedin.com/adityaks • Rohit Bansal o Principal Researcher, SecNiche Security Labs o https://secniche.org/ Elasticsearch Threat Research and Intelligence Collection Elasticsearch Threat Research and Tool Development
About Tool Elasticsearch threats and attacks landscape
About Tool • Strafer: A tool to detect potential infections in Elasticsearch instances. • In this version of the tool, the following modules are supported: o Elasticsearch instance information gathering and reconnaissance (inline). o Elasticsearch instance exposure on the Internet (authentication checks). o Detecting potential ransomware infections in the Elasticsearch instances. o Detecting potential botnet infections such as meow botnet. o Detecting infected indices in the Elasticsearch instances. o Detecting Elasticsearch honeypots. Introducing Strafer
About Tool Introducing Strafer
About Tool Detecting Exposed Instances
About Tool Detecting Ransomware Infections
About Tool Detecting Botnet Infections
About Tool Detecting Elasticsearch honeypots
About Tool Strafer Tool: Working
About Tool Strafer Tool: Download https://github.com/adityaks/strafer
About Tool Questions and Queries

More Related Content

PDF
Enfilade: Tool to Detect Infections in MongoDB Instances
Aditya K Sood
 
PDF
Cracking the mobile application code
Sreenarayan A
 
PDF
Understanding ransomware
Prathan Phongthiproek
 
PPTX
Reduce the Risk of Open Source Security Vulnerabilities
Protecode
 
PPTX
Malware: To The Realm of Malicious Code (Training)
Satria Ady Pradana
 
PPTX
Down The Rabbit Hole, From Networker to Security Professional
Satria Ady Pradana
 
PPT
Brucon presentation
wremes
 
PDF
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
OWASP Delhi
 
Enfilade: Tool to Detect Infections in MongoDB Instances
Aditya K Sood
 
Cracking the mobile application code
Sreenarayan A
 
Understanding ransomware
Prathan Phongthiproek
 
Reduce the Risk of Open Source Security Vulnerabilities
Protecode
 
Malware: To The Realm of Malicious Code (Training)
Satria Ady Pradana
 
Down The Rabbit Hole, From Networker to Security Professional
Satria Ady Pradana
 
Brucon presentation
wremes
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
OWASP Delhi
 

What's hot (20)

PDF
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
Codemotion
 
PPTX
The difference between Penetration Testing and Red Team
Nimrod Levy
 
DOCX
Ian Powers Resume
Ian Powers
 
PPTX
Malware Analysis
Ramin Farajpour Cami
 
PDF
20171106 - Privacy Design Lab - LINDDUN
Brussels Legal Hackers
 
PPTX
DLL Preloading Attack
securityxploded
 
PDF
Penetration testing tools and phases
TestingXperts
 
PPTX
Bug bounty
Ramin Farajpour Cami
 
PPTX
Rise of software supply chain attack
Yadnyawalkya Tale
 
PPTX
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
EndgameInc
 
PPTX
Path of Cyber Security
Satria Ady Pradana
 
PDF
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
FFRI, Inc.
 
PPTX
Continuous security testing - sharing responsibility
VodqaBLR
 
PDF
Security of Machine Learning
Institute of Contemporary Sciences
 
PPTX
Enterprise security architecture approach
Maganathin Veeraragaloo
 
PPTX
(Training) Malware - To the Realm of Malicious Code
Satria Ady Pradana
 
PPTX
Explore Security Testing
shwetaupadhyay
 
PDF
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
Trivadis
 
DOC
Strayer sec 420
uopassignment
 
PPTX
Worst-Case Scenario: Being Detected without Knowing You are Detected
Ashwini Almad
 
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
Codemotion
 
The difference between Penetration Testing and Red Team
Nimrod Levy
 
Ian Powers Resume
Ian Powers
 
Malware Analysis
Ramin Farajpour Cami
 
20171106 - Privacy Design Lab - LINDDUN
Brussels Legal Hackers
 
DLL Preloading Attack
securityxploded
 
Penetration testing tools and phases
TestingXperts
 
Bug bounty
Ramin Farajpour Cami
 
Rise of software supply chain attack
Yadnyawalkya Tale
 
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
EndgameInc
 
Path of Cyber Security
Satria Ady Pradana
 
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
FFRI, Inc.
 
Continuous security testing - sharing responsibility
VodqaBLR
 
Security of Machine Learning
Institute of Contemporary Sciences
 
Enterprise security architecture approach
Maganathin Veeraragaloo
 
(Training) Malware - To the Realm of Malicious Code
Satria Ady Pradana
 
Explore Security Testing
shwetaupadhyay
 
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
Trivadis
 
Strayer sec 420
uopassignment
 
Worst-Case Scenario: Being Detected without Knowing You are Detected
Ashwini Almad
 
Ad

More from Aditya K Sood (20)

PDF
Emerging Trends in Online Social Networks Malware
Aditya K Sood
 
PDF
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
Aditya K Sood
 
PDF
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
Aditya K Sood
 
PDF
Network Security : Book Review : Targeted Cyber Attacks : Aditya K Sood
Aditya K Sood
 
PDF
Abusing Glype Proxies - Attacks, Exploits and Defences
Aditya K Sood
 
PDF
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
Aditya K Sood
 
PDF
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
Aditya K Sood
 
PDF
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
Aditya K Sood
 
PDF
ToorCon 14 : Malandroid : The Crux of Android Infections
Aditya K Sood
 
PDF
DEF CON 20 - Botnets Die Hard - Owned and Operated
Aditya K Sood
 
PDF
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
Aditya K Sood
 
PDF
NGR Bot Analysis Paper
Aditya K Sood
 
PDF
Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...
Aditya K Sood
 
PDF
Commercial Cyber Crime - Social Networks Malware
Aditya K Sood
 
PDF
Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...
Aditya K Sood
 
PDF
OWASP AppSec USA 2011 - Dismantling Web Malware
Aditya K Sood
 
PDF
Browser Malware Taxonomy
Aditya K Sood
 
PDF
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
Aditya K Sood
 
PDF
PenTest Magazine Teaser - Mobile Hacking
Aditya K Sood
 
PDF
Dissecting Java Server Faces for Penetration Testing
Aditya K Sood
 
Emerging Trends in Online Social Networks Malware
Aditya K Sood
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
Aditya K Sood
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
Aditya K Sood
 
Network Security : Book Review : Targeted Cyber Attacks : Aditya K Sood
Aditya K Sood
 
Abusing Glype Proxies - Attacks, Exploits and Defences
Aditya K Sood
 
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
Aditya K Sood
 
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
Aditya K Sood
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
Aditya K Sood
 
ToorCon 14 : Malandroid : The Crux of Android Infections
Aditya K Sood
 
DEF CON 20 - Botnets Die Hard - Owned and Operated
Aditya K Sood
 
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
Aditya K Sood
 
NGR Bot Analysis Paper
Aditya K Sood
 
Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...
Aditya K Sood
 
Commercial Cyber Crime - Social Networks Malware
Aditya K Sood
 
Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...
Aditya K Sood
 
OWASP AppSec USA 2011 - Dismantling Web Malware
Aditya K Sood
 
Browser Malware Taxonomy
Aditya K Sood
 
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
Aditya K Sood
 
PenTest Magazine Teaser - Mobile Hacking
Aditya K Sood
 
Dissecting Java Server Faces for Penetration Testing
Aditya K Sood
 
Ad

Recently uploaded (20)

PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
A Presentation on Artificial Intelligence
memembruh336
 
Cloud computing and distributed systems.
kkkkkhan
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Teaching material agriculture food technology
LiaRayya
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 

Detecting Ransomware/Bot Infections in Elasticsearch