Overview
This course aims to educate learners on the tactics, techniques, and procedures used by the cryptojacking threat actor TeamTNT targeting Linux servers. The course covers topics such as targeting Redis, credential stealing, exfiltration of stolen credentials, rootkit usage, and lateral movement. The teaching method involves presenting the threat actor's activities and campaigns. The course is intended for cybersecurity professionals and individuals interested in understanding cryptojacking threats and cloud security vulnerabilities.
Syllabus
Intro
Winter 2020
Targeting of Redis
Hiding Files
Credential Stealing
Exfil of Stolen Credentials
Tsunami
RatHole
Oldest Artifact
Historical Traces
Targeting Exposed Docker Instances
Attack Flow
Connection to other scripts
Continue Attacking Docker
Rootkit
Credential Theft and Lateral Movement
Fall 2020
Social Media
Winter Summary
Exploring Windows?
Sniffer
Windows CUDA Miner
Using AWS CLI
Compromised 50,000 Servers
The Chimaera
Conclusion
Taught by
Black Hat