Blog

Doki Dukes with Kinsing

Cloud infrastructure is premium real estate for cryptojackers and they are constantly looking for new ways to exploit your workloads. Among them is “Doki,” which was recently reported by Intezer and is distinguished by exploitation of the Docker API and for going undetected until only recently. While Doki was just reported, malware specimens uploaded to […]

Bash Wars

Whether you’re an engineer or a system administrator, you’ve probably found bash to be a go-to resource for automating your Linux tasks. Bash is so useful that it has become popular among malware authors as well. This is because it can easily perform many tasks that are necessary for malware installation and system persistence. Cryptomining […]

Kubernetes Recon: A Closer Look at Discovery from the Kubernetes Attack Matrix

On April 2nd, Microsoft released their attack matrix for Kubernetes, a collection of Kubernetes attack patterns modeled after MITRE’s ATT&CK framework. While the matrix was compiled for Azure, many of the patterns are valid for all cloud providers. There are nine tactics in the ATT&CK framework; however, this blog expands on the Discovery portion and […]

Who’s Attacking My Containers?

If you’re concerned about the security of your cloud resources then you may have asked yourself: “Who’s attacking my containers?” This blog will attempt to answer that question. As described in the kill chain model, the first phase of any attack is reconnaissance. This entails some form of information gathering about the target and usually […]

H2Miner Botnet – Act 2

Containers are gaining popularity as malware deployment mechanisms in the cloud. Beginning on Valentine’s Day, one malicious container started making its rounds and has steadily expanded to over 350 infections. The malware and infrastructure have been attributed to the “H2Miner” cryptomining botnet which was last reported in January propagating via a Redis RCE: New Outbreak […]

Research Automation with ATT&CK & Python

MITRE did the community a huge favor with the development of ATT&CK – an open source knowledge base for attack techniques. Threat intelligence can often be a nebulous undertaking but thanks to ATT&CK, the lives of analysts have been made a little bit easier. This blog describes how to quickly research threats using Python and […]
