Hackfest 2021 N1ghtmar3s Edition

I am so happy to be presenting at Hackfest once again. This year will be virtual, with the usual excellent selection of cutting edge talks and trainings – you should really check them out. Hackfest is also known for its CTF, and features a beginner one. And of course there are villages and sponsors to visit!

I’ll be presenting at 2:30 EDT Friday November 19, 2021. “Signed, Sealed, Delivered: Abusing Trust in Software Supply Chain Attacks”. Because that’s been a thing this year 😉 I’ve attached my slide deck below. Hope you can join the fun!

What I did on my Pandemic Summer Vacation 2021

There were donuts and APTs involved, just not at the same time 😉

I was thrilled to speak at Defcon 29 Adversary Village about software supply chain compromise, highlighting Chinese threat actor groups.
And I got to share my passion for securing IoT with IoT Village! There has been a series of mass vulnerabilities affecting embedded devices.
Then I had the thrill of speaking at AppSec Village on software supply chain compromise highlighting the abuse of trust.

The events were well done, with excellent talks and my sincere appreciation to the volunteers who made it all happen and were super helpful. I was so happy, so honored to have been invited to speak at each of these villages virtually this year, and to have been involved in Defcon this year. I miss the live conference experience and especially Hacker Summer Camp ❤

And yes, there was a trip to Maine and amazing donuts!
With an unexpected road trip at the end to get back home since flights were cancelled. But all went well!

Comparing Chinese APTs in Software Supply Chain Attacks

This is to accompany my talk at Defcon 29 Adversary Village (ZOMG really thrilled to say that). It’s a work in progress. Chinese APTs are wonderfully, frustratingly complex entities. There’s a lot of overlap, sharing of tools, techniques, malware. Of note was certificate abuse across the board. And several companies with striking resemblance to SolarWinds offering trusted high level network management to major organizations and government globally. It’s happened before, it will happen again.

So take this as a starting point. Rather than reinvent the wheel, check the links in the file for download to Thaicert’s excellent site on Threat actors, and of course the relevant pages from MITRE. I’ll revise and refresh this as I dig deeper. These attacks are only going up.

The Diana Initiative 2021

Outstanding talks by these amazing speakers

Spark a Journey! This is the week! Friday July 16 and Saturday July 17. This year’s event will be virtual again, building off success and lessons learned from last year.

As the website states, TDI is a diversity-driven conference committed to helping all underrepresented genders, sexualities, races and cultures in Information Security.

The theme for 2021 is “Spark A Journey” to celebrate that force, that spark within each of us that can lead to many ways we inspire and drive change. The beautiful stylized images of the paper cranes by the wonderful @1dark1 represent metamorphosis, a symbolic re-emergence after the many long months of pandemic confinement and isolation. It’s a hopeful, empowering message we all need just now.

This year’s event will have multiple speaker tracks, fully expanded villages and workshops and a women-led Capture the Flag event. Tickets are available and so affordable! Get yours here and come join us: https://hopin.com/events/2021-diana-initative

Exciting News! TDI at RSA 2021

I’m honoured to represent The Diana Initiative again this year at RSA! We’ll be hosting an interactive and engaging session on Career Paths as part of the “Birds of a Feather” series. What better way to give back and welcome in new talent and ideas! Our session will be on Wednesday May 19, starting at 10:05 PST / 1:05 EST just after the amazing opening talk by Caroline Wong. https://www.rsaconference.com/usa 


You made it!

Geopolitics: Yesterday the US hit back hard at Russian cyberattacks and meddling. An exec order from the Oval Office delivers wide-ranging economic sanctions that hit right where it hurts, so that Russia won’t be able to raise the funds it needs the way it has been, plus adds in some diplomatic expulsions. And it prohibits US banks from buying ruble bonds. The EO impacts several tech firms including Positive Technologies. You can read the details here. Be prepared for fallout.

Severe bug warning for OT in EtherNet/IP Stack per The Hacker News

CISA issued this advisory on Thursday for a number of severe vulnerabilities in the OpENer EtherNet/IP stack that could put industrial systems at risk of RCE, DoS and data leaks. The warning extends to all OpENer commits and versions before February 10, 2021. To exploit, an attacker need only send crafted ENIP or CIP packets to a device. As we now know (because I keep telling you 😊) OT and industrial systems are different and need our attention.

Codecov Possible Supply Chain compromise 😱 per Bleeping Computer

In a year of supply chain compromise, here’s another. Codecov is an online platform used by over 29,000 enterprise organizations like Atlassian, GoDaddy, Procter & Gamble. Yeah. It helps measure source code execution during testing, because stats matter.

Looks like a threat actor may have found their way into the system back in January, and tampered with the Bash Uploader script, the tool clients use to upload their code reports. The tainted version (omg, does this feel like SolarWinds?!) could allow access and export of sensitive client info including credentials, tokens and keys, plus services, app codes, etc. If you are using this service you need to get on this asap.