JakeHillion/www
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
www/blog.hillion.co.uk/posts/drone-hack/index.html
Drone 477de5c555 update blog.hillion.co.uk
2024-01-13 14:16:56 +00:00

14 lines
27 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Drone CI and Crypto Honeypots 💰🍯📚 | Jake Hillion</title><meta name=keywords content="Home Lab,Proxmox,Drone,Gitea,Continuous Integration"><meta name=description content="One gloomy Tuesday evening, I SSHed into my CI server and ran htop as I had hundreds of times before. The machine is pinned running my jobs, but wait&mldr; Something is wrong.
htop showing bad things I certainly wasn&rsquo;t running any jobs involving Tensorflow, and I&rsquo;m not in the habit of mining cryptocurrencies on my CI server.
This post will cover the series of events that lead to this happening, what happened, and the learnings I&rsquo;ve taken away from it."><meta name=author content="Jake Hillion"><link rel=canonical href=https://blog.hillion.co.uk/posts/drone-hack/><link crossorigin=anonymous href=/assets/css/stylesheet.min.48a18943c2fc15c38a372b8dde1f5e5dc0bc64fa6cb90f5a817d2f8c76b7f3ae.css integrity="sha256-SKGJQ8L8FcOKNyuN3h9eXcC8ZPpsuQ9agX0vjHa3864=" rel="preload stylesheet" as=style><script defer crossorigin=anonymous src=/assets/js/highlight.min.b95bacdc39e37a332a9f883b1e78be4abc1fdca2bc1f2641f55e3cd3dabd4d61.js integrity="sha256-uVus3DnjejMqn4g7Hni+Srwf3KK8HyZB9V4809q9TWE=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://blog.hillion.co.uk/favicon.ico><link rel=icon type=image/png sizes=16x16 href=https://blog.hillion.co.uk/favicon-16x16.png><link rel=icon type=image/png sizes=32x32 href=https://blog.hillion.co.uk/favicon-32x32.png><link rel=apple-touch-icon href=https://blog.hillion.co.uk/apple-touch-icon.png><link rel=mask-icon href=https://blog.hillion.co.uk/safari-pinned-tab.svg><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><script async src="https://www.googletagmanager.com/gtag/js?id=G-4CXXF49E7M"></script>
<script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-4CXXF49E7M",{anonymize_ip:!1})}</script><meta property="og:title" content="Drone CI and Crypto Honeypots 💰🍯📚"><meta property="og:description" content="One gloomy Tuesday evening, I SSHed into my CI server and ran htop as I had hundreds of times before. The machine is pinned running my jobs, but wait&mldr; Something is wrong.
htop showing bad things I certainly wasn&rsquo;t running any jobs involving Tensorflow, and I&rsquo;m not in the habit of mining cryptocurrencies on my CI server.
This post will cover the series of events that lead to this happening, what happened, and the learnings I&rsquo;ve taken away from it."><meta property="og:type" content="article"><meta property="og:url" content="https://blog.hillion.co.uk/posts/drone-hack/"><meta property="article:section" content="posts"><meta property="article:published_time" content="2022-03-07T18:00:00+00:00"><meta property="article:modified_time" content="2022-03-07T18:00:00+00:00"><meta property="og:site_name" content="Jake Hillion"><meta name=twitter:card content="summary"><meta name=twitter:title content="Drone CI and Crypto Honeypots 💰🍯📚"><meta name=twitter:description content="One gloomy Tuesday evening, I SSHed into my CI server and ran htop as I had hundreds of times before. The machine is pinned running my jobs, but wait&mldr; Something is wrong.
htop showing bad things I certainly wasn&rsquo;t running any jobs involving Tensorflow, and I&rsquo;m not in the habit of mining cryptocurrencies on my CI server.
This post will cover the series of events that lead to this happening, what happened, and the learnings I&rsquo;ve taken away from it."><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://blog.hillion.co.uk/posts/"},{"@type":"ListItem","position":2,"name":"Drone CI and Crypto Honeypots 💰🍯📚","item":"https://blog.hillion.co.uk/posts/drone-hack/"}]}</script><script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"Drone CI and Crypto Honeypots 💰🍯📚","name":"Drone CI and Crypto Honeypots 💰🍯📚","description":"One gloomy Tuesday evening, I SSHed into my CI server and ran htop as I had hundreds of times before. The machine is pinned running my jobs, but wait\u0026hellip; Something is wrong.\nhtop showing bad things I certainly wasn\u0026rsquo;t running any jobs involving Tensorflow, and I\u0026rsquo;m not in the habit of mining cryptocurrencies on my CI server.\nThis post will cover the series of events that lead to this happening, what happened, and the learnings I\u0026rsquo;ve taken away from it.","keywords":["Home Lab","Proxmox","Drone","Gitea","Continuous Integration"],"articleBody":"One gloomy Tuesday evening, I SSHed into my CI server and ran htop as I had hundreds of times before. The machine is pinned running my jobs, but wait… Something is wrong.\nhtop showing bad things I certainly wasnt running any jobs involving Tensorflow, and Im not in the habit of mining cryptocurrencies on my CI server.\nThis post will cover the series of events that lead to this happening, what happened, and the learnings Ive taken away from it.\nA series of unfortunate events ⛈ The first blow? Ive been posting weekly updates on this blog which include a variety of links to my self-hosted Gitea server. As this blog is crawled by Google, my Gitea site got crawled too. That means that all of my code is now indexed by Google. Cool! What it also means is that people searching for Gitea servers to exploit can now easily find mine too.\nSecondly, my self-hosted Gitea instance was setup to allow anyone with a valid email address to register. That is, theyd register and receive an address validation email, and completing that validation creates a full account. In the past this hasnt been an issue, and has allowed friends/colleagues to create their own accounts without my intervention. However, soon after being indexed by Google, somebody took advantage.\nFinally, my self-hosted CI server authenticates via my Gitea server. Therefore, anyone with an account on my Gitea server can start running CI jobs. This is of course useful for the same reasons as above, but combined means that anyone with a valid email address was allowed to use my CI server.\nCrypto honeypots 💰🍯 While I originally felt like my space had been invaded, I realised after some thought that very little damage had been done. At the cost of a bit of CPU time, Id been given a firm wake up call about holes in the security of my systems, rather than having an attacker poke around for something more juicy.\nThis situation immediately reminded me of the Mirage bitcoin pinata. The Mirage team were happy to give away some Bitcoin in exchange for learning about the flaws in their system. Still in the world of crypto, I gave away some CPU time to learn about gaps in my security.\nThe learnings 📚 What went wrong Too trusting of the Internet. Until Tuesday, anyone with a valid email address could register on my Gitea server - intentionally! This is now locked down to a few friendly domains.\nForgetting unintended use cases. While undeniably a powerful tool, CI servers have literally the purpose of remote code execution. Containerisation protects the host, but not the network it lives in.\nInternal firewalls are important. My external firewalls are pretty strong, but protection against internal threats was very weak. Banning my virtual machines from private network access, except where necessary, has reduced this threat vector significantly.\nWhat went well Constant vigilance worked out. Of the many times Ive ran htop on this server Ive been surprised only once, but I did catch it.\nThe attacker took something cheap. I lost some CPU time, rather than the attacker taking the time to look for something more interesting.\nContainerisation limited the easy damage. Though there arent any resource limits on my CI jobs, they run on an single purpose virtual machine in containers. Though the processes in the earlier figure may appear to be running as root, there is very little damage they can do to the machine itself.\nFinal thoughts This whole experience was a reminder to reconsider my threat model. A CI server is a machine built for remote code execution, and authorisation is often tightly coupled to a less sensitive source control system. This attack was certainly a surprise to me, particularly in the way it used my systems as intended but for a nefarious purpose.\n","wordCount":"643","inLanguage":"en","datePublished":"2022-03-07T18:00:00Z","dateModified":"2022-03-07T18:00:00Z","author":{"@type":"Person","name":"Jake Hillion"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://blog.hillion.co.uk/posts/drone-hack/"},"publisher":{"@type":"Organization","name":"Jake Hillion","logo":{"@type":"ImageObject","url":"https://blog.hillion.co.uk/favicon.ico"}}}</script></head><body id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://blog.hillion.co.uk/ accesskey=h title="Jake Hillion (Alt + H)">Jake Hillion</a>
<span class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></span></div><ul id=menu><li><a href=https://blog.hillion.co.uk/categories/ title=categories><span>categories</span></a></li><li><a href=https://blog.hillion.co.uk/tags/ title=tags><span>tags</span></a></li></ul></nav></header><main class=main><article class=post-single><header class=post-header><div class=breadcrumbs><a href=https://blog.hillion.co.uk/>Home</a>&nbsp;»&nbsp;<a href=https://blog.hillion.co.uk/posts/>Posts</a></div><h1 class=post-title>Drone CI and Crypto Honeypots 💰🍯📚</h1><div class=post-meta><span title='2022-03-07 18:00:00 +0000 UTC'>March 7, 2022</span>&nbsp;·&nbsp;4 min&nbsp;·&nbsp;Jake Hillion</div></header><div class=post-content><p>One gloomy Tuesday evening, I SSHed into my CI server and ran <code>htop</code> as I had hundreds of times before. The machine is pinned running my jobs, but wait&mldr; Something is wrong.</p><figure><img loading=lazy src=images/large_htop.png><figcaption>htop showing bad things</figcaption></figure><p>I certainly wasn&rsquo;t running any jobs involving Tensorflow, and I&rsquo;m not in the habit of mining cryptocurrencies on my CI server.</p><p>This post will cover the series of events that lead to this happening, what happened, and the learnings I&rsquo;ve taken away from it.</p><h2 id=a-series-of-unfortunate-events->A series of unfortunate events ⛈<a hidden class=anchor aria-hidden=true href=#a-series-of-unfortunate-events->#</a></h2><p>The first blow? I&rsquo;ve been posting <a href=/posts/weekly-2022-02-28/>weekly updates</a> on this blog which include a variety of links to my <a href=https://gitea.hillion.co.uk>self-hosted Gitea server</a>. As this blog is crawled by Google, my Gitea site got crawled too. That means that all of my code is now indexed by Google. Cool! What it also means is that people searching for Gitea servers to exploit can now easily find mine too.</p><p>Secondly, my self-hosted Gitea instance was setup to allow anyone with a valid email address to register. That is, they&rsquo;d register and receive an address validation email, and completing that validation creates a full account. In the past this hasn&rsquo;t been an issue, and has allowed friends/colleagues to create their own accounts without my intervention. However, soon after being indexed by Google, somebody took advantage.</p><p>Finally, my self-hosted CI server authenticates via my Gitea server. Therefore, anyone with an account on my Gitea server can start running CI jobs. This is of course useful for the same reasons as above, but combined means that anyone with a valid email address was allowed to use my CI server.</p><h2 id=crypto-honeypots->Crypto honeypots 💰🍯<a hidden class=anchor aria-hidden=true href=#crypto-honeypots->#</a></h2><p>While I originally felt like my space had been invaded, I realised after some thought that very little damage had been done. At the cost of a bit of CPU time, I&rsquo;d been given a firm wake up call about holes in the security of my systems, rather than having an attacker poke around for something more juicy.</p><p>This situation immediately reminded me of the <a href=https://mirage.io/blog/bitcoin-pinata-results>Mirage bitcoin pinata</a>. The Mirage team were happy to give away some Bitcoin in exchange for learning about the flaws in their system. Still in the world of crypto, I gave away some CPU time to learn about gaps in my security.</p><h2 id=the-learnings->The learnings 📚<a hidden class=anchor aria-hidden=true href=#the-learnings->#</a></h2><h3 id=what-went-wrong>What went wrong<a hidden class=anchor aria-hidden=true href=#what-went-wrong>#</a></h3><ul><li><p>Too trusting of the Internet. Until Tuesday, anyone with a valid email address could register on my Gitea server - intentionally! This is now locked down to a few friendly domains.</p></li><li><p>Forgetting unintended use cases. While undeniably a powerful tool, CI servers have literally the purpose of remote code execution. Containerisation protects the host, but not the network it lives in.</p></li><li><p>Internal firewalls are important. My external firewalls are pretty strong, but protection against internal threats was very weak. Banning my virtual machines from private network access, except where necessary, has reduced this threat vector significantly.</p></li></ul><h3 id=what-went-well>What went well<a hidden class=anchor aria-hidden=true href=#what-went-well>#</a></h3><ul><li><p>Constant vigilance worked out. Of the many times I&rsquo;ve ran <code>htop</code> on this server I&rsquo;ve been surprised only once, but I did catch it.</p></li><li><p>The attacker took something cheap. I lost some CPU time, rather than the attacker taking the time to look for something more interesting.</p></li><li><p>Containerisation limited the easy damage. Though there aren&rsquo;t any resource limits on my CI jobs, they run on an single purpose virtual machine in containers. Though the processes in the earlier figure may appear to be running as root, there is very little damage they can do to the machine itself.</p></li></ul><h2 id=final-thoughts>Final thoughts<a hidden class=anchor aria-hidden=true href=#final-thoughts>#</a></h2><p>This whole experience was a reminder to reconsider my threat model. A CI server is a machine built for remote code execution, and authorisation is often tightly coupled to a less sensitive source control system. This attack was certainly a surprise to me, particularly in the way it used my systems as intended but for a nefarious purpose.</p></div><footer class=post-footer><ul class=post-tags><li><a href=https://blog.hillion.co.uk/tags/home-lab/>Home Lab</a></li><li><a href=https://blog.hillion.co.uk/tags/proxmox/>Proxmox</a></li><li><a href=https://blog.hillion.co.uk/tags/drone/>Drone</a></li><li><a href=https://blog.hillion.co.uk/tags/gitea/>Gitea</a></li><li><a href=https://blog.hillion.co.uk/tags/continuous-integration/>Continuous Integration</a></li></ul><nav class=paginav><a class=prev href=https://blog.hillion.co.uk/posts/weekly-2022-03-14/><span class=title>« Prev Page</span><br><span>Jake's Weekly - 14th March 2022</span></a>
<a class=next href=https://blog.hillion.co.uk/posts/weekly-2022-02-28/><span class=title>Next Page »</span><br><span>Jake's Weekly - 28th Feb 2022</span></a></nav><div class=share-buttons><a target=_blank rel="noopener noreferrer" aria-label="share Drone CI and Crypto Honeypots 💰🍯📚 on twitter" href="https://twitter.com/intent/tweet/?text=Drone%20CI%20and%20Crypto%20Honeypots%20%f0%9f%92%b0%f0%9f%8d%af%f0%9f%93%9a&amp;url=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fdrone-hack%2f&amp;hashtags=HomeLab%2cProxmox%2cDrone%2cGitea%2cContinuousIntegration"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Drone CI and Crypto Honeypots 💰🍯📚 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&amp;url=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fdrone-hack%2f&amp;title=Drone%20CI%20and%20Crypto%20Honeypots%20%f0%9f%92%b0%f0%9f%8d%af%f0%9f%93%9a&amp;summary=Drone%20CI%20and%20Crypto%20Honeypots%20%f0%9f%92%b0%f0%9f%8d%af%f0%9f%93%9a&amp;source=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fdrone-hack%2f"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Drone CI and Crypto Honeypots 💰🍯📚 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fdrone-hack%2f&title=Drone%20CI%20and%20Crypto%20Honeypots%20%f0%9f%92%b0%f0%9f%8d%af%f0%9f%93%9a"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Drone CI and Crypto Honeypots 💰🍯📚 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fdrone-hack%2f"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Drone CI and Crypto Honeypots 💰🍯📚 on whatsapp" href="https://api.whatsapp.com/send?text=Drone%20CI%20and%20Crypto%20Honeypots%20%f0%9f%92%b0%f0%9f%8d%af%f0%9f%93%9a%20-%20https%3a%2f%2fblog.hillion.co.uk%2fposts%2fdrone-hack%2f"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Drone CI and Crypto Honeypots 💰🍯📚 on telegram" href="https://telegram.me/share/url?text=Drone%20CI%20and%20Crypto%20Honeypots%20%f0%9f%92%b0%f0%9f%8d%af%f0%9f%93%9a&amp;url=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fdrone-hack%2f"><svg viewBox="2 2 28 28"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg></a></div></footer><div id=disqus_thread></div><script type=application/javascript>window.disqus_config=function(){},function(){if(["localhost","127.0.0.1"].indexOf(window.location.hostname)!=-1){document.getElementById("disqus_thread").innerHTML="Disqus comments not available by default when the website is previewed locally.";return}var t=document,e=t.createElement("script");e.async=!0,e.src="//blog-hillion-co-uk.disqus.com/embed.js",e.setAttribute("data-timestamp",+new Date),(t.head||t.body).appendChild(e)}()</script><noscript>Please enable JavaScript to view the <a href=https://disqus.com/?ref_noscript>comments powered by Disqus.</a></noscript><a href=https://disqus.com class=dsq-brlink>comments powered by <span class=logo-disqus>Disqus</span></a></article></main><footer class=footer><span>&copy; 2024 <a href=https://blog.hillion.co.uk/>Jake Hillion</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://git.io/hugopapermod rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
Reference in New Issue View Git Blame Copy Permalink