I am so happy to be presenting at Hackfest once again. This year will be virtual, with the usual excellent selection of cutting edge talks and trainings – you should really check them out. Hackfest is also known for its CTF, and features a beginner one. And of course there are villages and sponsors to visit!
I’ll be presenting at 2:30 EDT Friday November 19, 2021. “Signed, Sealed, Delivered: Abusing Trust in Software Supply Chain Attacks”. Because that’s been a thing this year 😉 I’ve attached my slide deck below. Hope you can join the fun!
There were donuts and APTs involved, just not at the same time 😉
The events were well done, with excellent talks and my sincere appreciation to the volunteers who made it all happen and were super helpful. I was so happy, so honored to have been invited to speak at each of these villages virtually this year, and to have been involved in Defcon this year. I miss the live conference experience and especially Hacker Summer Camp ❤
This is to accompany my talk at Defcon 29 Adversary Village (ZOMG really thrilled to say that). It’s a work in progress. Chinese APTs are wonderfully, frustratingly complex entities. There’s a lot of overlap, sharing of tools, techniques, malware. Of note was certificate abuse across the board. And several companies with striking resemblance to SolarWInds offering trusted high level network management to major organizations and government globally. It’s happened before, it will happen again.
So take this as a starting point. Rather than reinvent the wheel, check the links in the file for download to Thaicert’s excellent site on Threat actors, and of course the relevant pages from MITRE. I’ll revise and refresh this as I dig deeper. These attacks are only going up.
Spark a Journey! This is the week! Friday July 16 and Saturday July 17. This year’s event will be virtual again, building off success and lessons learned from last year.
As the website states, TDI is a diversity-driven conference committed to helping all underrepresented genders, sexualities, races and cultures in Information Security.
The theme for 2021 is “Spark A Journey” to celebrate that force, that spark within each of us that can lead to many ways we inspire and drive change. The beautiful stylized images of the paper cranes by the wonderful @1dark1 represent metamorphosis, a symbolic re-emergence after the many long months of pandemic confinement and isolation. It’s a hopeful, empowering message we all need just now.
This year’s event will have multiple speaker tracks, fully expanded villages and workshops and a women-led Capture the Flag event. Tickets are available and so affordable! Get yours here and come join us: https://hopin.com/events/2021-diana-initative
To be honest and cliche, today feels like the first day or the rest of my life. There are so many still in that dark place of despair and isolation but this second dose represents a lifeline up and out, to brighter days and all the possibilities. Hang onto your hope
I’m honoured to represent The Diana Initiative again this year at RSA! We’ll be hosting an interactive and engaging session on Career Paths as part of the “Birds of a Feather” series. What better way to give back and welcome in new talent and ideas! Our session will be on Wednesday May 19, starting at 10:05 PST / 1:05 EST just after the amazing opening talk by Caroline Wong. https://www.rsaconference.com/usa
I’m sorry for not posting these past two weeks. My tank is low and what I had was used for work and volunteering. Please take care of yourself and don’t feel bad if you need to scale back because these times are hard on all of us. Your best is enough
Geopolitics: Yesterday the US hit back hard at Russian cyberattacks and meddling. An exec order from the Oval Office delivers wide-ranging economic sanctions that hit right where it hurts, so that Russia won’t be able to raise the funds it needs the way it has been, plus adds in some diplomatic expulsions. And it prohibits US banks from buying ruble bonds. The EO impacts several tech firms including Positive Technologies. You can read the details here. Be prepared for fallout.
CISA issued this advisory on Thursday for a number of severe vulnerabilities in OpENer EhterNet/IP stack that could put industrial systems at risk of RCE, DoS and data leaks. The warning extends to all OpENer commits and versions before February 10 2021. To exploit, an attacker need only send crafted ENIP or CIP packets to a device. As we now know (because I keep telling you 😊) OT and industrial systems are different and need our attention.
In a year of supply chain compromise, here’s another. Codecov is an online platform used by over 29,000 enterprise organizations like Atlassian, GoDaddy, proctor &Gamble. Yeah. It helps measure source code execution during testing, because stats matter.
Looks like a threat actor may have found their way into the system back in January, and tampered with the Bash Uploader script, the tool clients use to upload their code reports. The tainted version – omg does this feel like SolarWinds?!- could allow access and export of sensitive client info including credentials, tokens, keys plus services, app codes etc. If you are using this service you need to get on this asap.