Picking Lockfiles - Attacking & Defending Your Supply Chain

Picking Lockfiles - Attacking & Defending Your Supply Chain

Black Hat via YouTube Direct link

Why are we talking about supply chains?

3 of 15

3 of 15

Why are we talking about supply chains?

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Picking Lockfiles - Attacking & Defending Your Supply Chain

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 A Quick Story
  3. 3 Why are we talking about supply chains?
  4. 4 Attacking Supply Chains with Lockfiles
  5. 5 Defending Supply Chains
  6. 6 Lockfile example
  7. 7 Lockfile Tampering - Example
  8. 8 Multiple Attributes Occurrences
  9. 9 Integrity Hash Not Mandatory
  10. 10 Attacker Perspective: Compromising Supply Chains using Lockfiles
  11. 11 Attacker Techniques and Objectives
  12. 12 Bump-Key Tooling
  13. 13 Example: GitLab Merge Request
  14. 14 Example: Automated Dependency Update
  15. 15 Closing Words

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.