Sunday, July 5, 2020

OpenFaaS and infosec uses

OpenFaaS:

OpenFaaS is a function-as-a-service project that can be self-hosted, much like AWS Lambda or Google Functions. Essentially, instead of writing a full project that does various things, you write and maintain individual functions. OpenFaaS can be deployed with Docker Swarm, Kubernetes, and OpenShift.

The OpenFaaS documentation is pretty clean and easy to understand. To use it, you need Docker Swarm, Kubernetes, or OpenShift. Once you deploy OpenFaaS, you create a function and deploy it. There are several ways to supply data to the function; one of them is via HTTP requests.

You can invoke a function synchronously or asynchronously without modifying any code at all; you just change the URL you're sending the HTTP requests to. In addition, OpenFaaS handles scaling on its own: if you're using a function a lot, OpenFaaS will spin up containers for that specific function automatically. It's also possible to use CI/CD with OpenFaaS to ensure that deploying changes to functions is easy and quick.

I've been mainly experimenting with OpenFaaS on Vultr, but it's also possible to play with it in Docker Playground.

Infosec use cases:

I looked through some of my past projects and I can see myself using OpenFaaS if I were to rewrite them. One example is file analysis. It is possible to combine OpenFaaS with other technologies such as Redis (to keep track of operations) and MinIO (to allow download/upload of files/artifacts inside of functions) to analyze malicious files or extract metadata from files. In addition to this, you can also implement machine learning, analyze features of a bunch of PE files in a function, and return whether they are malicious or not.

Another use case is analyzing phishing links. I wrote a golang project that takes links from PhishTank, splits them into more URLs recursively, and checks each URL to see if there is an open directory. It's possible to implement this completely with OpenFaaS. For example, you can send PhishTank data to an OpenFaaS function every 8 hours and split each link into multiple URLs, send the URLs to another function to detect open directories, and finally send the URLs that have an open directory to another function that downloads files (these would be phishing kit zip files in most cases) from the open directory.
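The first two stages of that pipeline, sketched as plain Go functions that an OpenFaaS handler could wrap. This is an added example, not the author's project code: the function names, the listing markers and the `phish.example` sample are assumptions, and the query string and fragment of each URL are dropped.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// SplitURL (stage one): the URL itself plus every parent directory, deepest first.
func SplitURL(raw string) ([]string, error) {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return nil, fmt.Errorf("not an absolute http(s) URL: %q", raw)
	}
	base, path := u.Scheme+"://"+u.Host, u.EscapedPath()
	segs := strings.FieldsFunc(path, func(r rune) bool { return r == '/' })
	var out []string
	if len(segs) > 0 && !strings.HasSuffix(path, "/") { // last segment is a file
		out = append(out, base+"/"+strings.Join(segs, "/"))
		segs = segs[:len(segs)-1]
	}
	for i := len(segs); i > 0; i-- {
		out = append(out, base+"/"+strings.Join(segs[:i], "/")+"/")
	}
	return append(out, base+"/"), nil
}

// Auto-index page markers (Apache/nginx, IIS, Python http.server) and .zip links.
var listing = regexp.MustCompile(`(?i)<title>index of /|\[to parent directory\]|directory listing for /`)
var zipHref = regexp.MustCompile(`(?i)href="([^"]+\.zip)"`)

// OpenDirArchives (stage two) reports whether a fetched body is an auto-generated
// directory listing and which linked .zip names stage three should download.
func OpenDirArchives(body string) (bool, []string) {
	if !listing.MatchString(body) {
		return false, nil
	}
	var zips []string
	for _, h := range zipHref.FindAllStringSubmatch(body, -1) {
		zips = append(zips, h[1])
	}
	return true, zips
}

func main() {
	fmt.Println(SplitURL("http://phish.example/wp-content/bank/login.php?id=1")) // constructed sample
	fmt.Println(OpenDirArchives(`<title>Index of /wp-content/</title><a href="kit.zip">kit.zip</a>`))
}
```

Keeping each stage a pure function of its input is what lets OpenFaaS scale them independently; the HTTP fetch between the two stages is left to the calling function.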

Log analysis or enrichment is another use case. For example, if you were receiving logs about remote sign-ins, you could send the logs in batches or individually to one or more functions that extract the IP address and enrich the log with API lookups for that IP or with its geolocation.

OpenFaaS can be useful for analyzing forensic artifacts. If you're working an incident and need to analyze artifacts from hundreds of computers, you can collect the evidence, throw it in MinIO, have a bunch of functions analyze the evidence, and maybe even send the output to another set of functions for enrichment before sending the final evidence to storage or a SIEM.



I discovered the OpenFaaS project earlier this month, and it has been fun to play with and I can see myself using it a lot. Being able to deploy and maintain specific functions instead of a huge application is much easier for me. Also, not having to write threaded code and having OpenFaaS do automated scaling is very nice.

Links:

https://www.openfaas.com/
https://docs.openfaas.com/deployment/
https://docs.openfaas.com/reference/triggers/
https://docs.openfaas.com/reference/async/
https://docs.openfaas.com/reference/cicd/intro/
https://www.vultr.com/docs/deploying-openfaas-using-docker-swarm
https://docs.openfaas.com/deployment/play-with-docker/
https://redis.io/
https://min.io/
https://www.phishtank.com/
https://blog.alexellis.io/openfaas-storage-for-your-functions/
https://youtu.be/XiagsmRVoNY

https://www.vultr.com/?ref=7127410 (Affiliate link...)
