Explore the tactics, techniques, and procedures (TTPs) of attacks on open-source software in Python during this comprehensive conference talk from Conf42 DevSecOps 2023. Delve into the importance of supply chain security, tracing the history of attacks and examining common TTPs. Witness live demonstrations of starjacking, installation and delivery methods, as well as exfiltration and command and control techniques. Learn about effective defense strategies to protect against these threats. Gain valuable insights into securing Python packages and enhancing overall software supply chain security.
TTPs of Attacks on OSS in Python - Trusty Package Security
Overview
Syllabus
intro
preamble
disclaimer
contents
why this topic is important?
history of supply-chain attacks
ttps in supply-chain attacks
starjacking demo
installation & delivery
- demo
exfiltration and c2
- demo
defences
credits and references
thank you!
Taught by
Conf42
Related Courses
-
Adding Security for Reliable Continuous Delivery
-
Supply Chain Attacks: Focusing on NPM Vulnerabilities - DevSecOps 2023
-
Secure Software Supply Chains for Python
-
Software Supply Chain Security: Definition and Importance - Episode 1
-
OSS Supply Chain Threats and Why You Need a Holistic Security Strategy
-
Stranger Danger - Your JavaScript Attack Surface Just Got Bigger
