Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Code Dependency - Chinese APTs in Software Supply Chain Attacks

BSidesLV via YouTube

Overview

Explore the evolution and impact of Chinese Advanced Persistent Threats (APTs) in software supply chain attacks through this comprehensive conference talk from BSidesLV 2022. Delve into notable incidents such as Operation Aurora, NotPetya, and ShadowHammer, examining their code breakdowns and attack methodologies. Investigate the exploitation of open-source software and the SonarQube breach. Analyze high-profile cases like SolarWinds, Dependency Confusion, XcodeSpy, and Kaseya VSA, along with other significant attacks from 2017 to 2020. Gain valuable insights into the abuse of trust, attack patterns, and essential takeaways for defending against these sophisticated threats in the software supply chain ecosystem.

Syllabus

Intro
THE ABUSE OF TRUST
OPERATION AURORA 2009
NOTPETYA 2017
SHADOWHAMMER 2019
CODE BREAKDOWN
PWNING OPEN SOURCE
SONARQUBE 11/2020
PLAN OF ATTACK
SOLARWINDS
Dependency Confusion Study
XCODESPY
CODECOV
KASEYA VSA AGENT HOT-FIX
2017 KINGSLAYER
2017 CCLEANER
2020 ABLE DESKTOP
2020 GOLDENSPY
TAKEAWAYS
PACKAGE HUNTER

Taught by

BSidesLV

Reviews

Start your review of Code Dependency - Chinese APTs in Software Supply Chain Attacks

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.