Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Two Strategies for Supply Chain Attacks

Hack In The Box Security Conference via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore two strategies for supply chain attacks in this Hack In The Box Security Conference talk. Delve into the BARIUM APT group's tactics, techniques, and procedures (TTPs) used in various supply chain attacks, including the ASUS Operation ShadowHammer. Learn about the group's targeting of game and software development companies worldwide, their use of 'winnti' and 'PlugX' malware, and the Korea Internet & Security Agency's analysis of related incidents. Discover how attackers compromise software development environments and update servers to execute these sophisticated attacks. Gain insights from experienced cybersecurity professionals on intrusion analysis, malware detection, and defensive strategies against supply chain threats. Examine multiple case studies, explore the ATT&CK Matrix, and understand the importance of securing software development and distribution processes.

Syllabus

Intro
What is Supply Chain Attack?
ASUS Supply Chain Attack : Select Infection PC
ASUS Supply Chain Attack : TYPE - B
Case Study: Supply Chain Attack
Case A : Overview
Case B: Overview
Case B: Plug X malware
Case B : Select Infection PC
Case C: Overview
Case C: Hiding Attacker IP
Case C: Distribution Additional Malware
Case D: Overview Update server of
Case E : Overview
Case E : Hijacking account
Association Analysis: Select Infection PC
Association Analysis: Code Tampering
Association Analysis: ShadowPad
Association Analysis : Plugx Module
Association Analysis : Attacker IP
Attack Features and Strategies : ATT&CK Matrix
Defensive Strategy

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Two Strategies for Supply Chain Attacks

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.