Attacking the supply chain - The miscreant's field manual • Mackenzie Jackson • Devoxx Poland 2024
Author: Devoxx Poland
Uploaded: 2026-02-11
Views: 125
Description:
Take a step into the world of black hat hacking groups and follow them step by step through a supply chain attack.
Software supply chain attacks have become alarmingly more prominent in recent years. Successful exploits have changed the economics adversaries work with, allowing them to conduct more sophisticated attacks with wide-reaching implications. This presentation will focus on exactly how adversaries target and exploit the software supply chain.
We first examine broadly what supply chains are, using the SLSA framework, and take a short journey into the interesting world of hacker economics, or hackanomics if you like. Here we will explain the relationship between financial risk and reward that drives malicious actors' activities, and explore why attacking the supply chain flipped previous economic models on their head.
Next, we will focus our attention on three different methods of attacking the supply chain. These are:
Attacking the CI/CD pipeline
Breaching the version control systems (VCS)
Poisoning open-source dependencies
Abusing AI LLMs
For each of these methods we take a walk through the anatomy of high-profile successful attacks, walking the audience through how initial access was made, how privileges were escalated, and ultimately how the hackers achieved their goals.
In the final stretch, we'll synthesize our findings into effective defense strategies, emphasizing the concept of inside-out security, breach detection, and containment.
Recorded at Devoxx Poland 2024