How A Cryptocurrency Miner Made Its Way onto Our Internal Kubernetes Clusters

Medium post: https://medium.com/jw-player-engineering/how-a-cryptocurrency-miner-made-its-way-onto-our-internal-kubernetes-clusters-9b09c4704205

The explosion of cryptocurrency in recent years spurred a wave of exploits targeting unsuspecting machines to mine cryptocurrency for the attackers. Earlier in the year, the JW Player DevOps team discovered one of the aforementioned miners running on our development and staging Kubernetes clusters.

To be clear, our production cluster was not affected, no JW Player customer data was accessed or exposed, and service was uninterrupted. Malicious actors are not always intent on stealing information or taking a website down, they can be just as content (or more so) in stealing your compute power. We take any intrusion very seriously though, and wanted to share our findings to help other DevOps teams harden their systems.

This blog post is broken up into several parts detailing — discovery and diagnosis, our immediate response, discovering and replicating the attack vector, damage assessment, and plans for preventative measures to further protect our systems.

[Read More]

VMWare SSH Bug

When using VMWare to do work on my virtual machines, I came across an annoying bug where all my SSH connections failed:

$ ssh root@52.172.12.100
packet_write_wait: Connection to 52.172.12.100 port 22: Broken pipe
[Read More]

OverTheWire Natas

Following up on my Bandit post, OverTheWire Natas teaches the basics of serverside web-security. These are quick notes for my solutions to level 0-10. I’ll be doing these in preperation for the OSCP pentesting course I plan on taking.

Level 0

The password to this level is listed on the natas game description:

Username: natas0
Password: natas0
URL:      http://natas0.natas.labs.overthewire.org
[Read More]

OverTheWire Bandit

OverTheWire Bandit is a capture the flag (CTF) game for beginners. I’ve recently regained interest in security and found this a fun way to get back into what originally led me to learn programming. These are quick notes for my solutions on level 0-27.

Level 0 -> Level 1

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

[Read More]

Creating a Docker Workflow with Node.js

Note: These are my findings after working with Docker, Jenkins, and AWS for only 2-3 months. This post details my thought process for the workflow I have set up with Docker and was written to document my progress. However, it might be useful for other beginners who are interested in setting up a better workflow for development with Node.js and Docker.

The Problem

Our development team occasionally has to switch between different projects. Each project has its own set of dependencies requiring a specific version of Node.js, npm, and/or Ruby to be run. Using nvm and rvm can mitigate the issue, but constantly switching between versions is a hassle and it is easy to lose track of which version you’re currently using. Time is also wasted on debugging environment inconsistencies between local development machines, and even more time is lost solving cross-platform issues when deploying to the dev/qa/prod servers (OSX to Linux). Many hours were lost for both the development and system administration teams debugging these issues; hours that could instead be spent improving the current project or working on other projects.

[Read More]