SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Fighting the Impossible: Supply Chain Attacks
Bojan Zdrnja, SANS Certified Instructor
In the last few years we have witnessed many supply chain attacks. The severity of the risk resulting from supply chain attacks has been recognized by many regulations, including NIS2 in Europe, which tries to prepare organizations for addressing supply chain attacks.
In this presentation we will go through several supply chain attacks and pay special attention to the xz SSH backdoor supply chain attack, which is almost certainly the most sophisticated and prepared supply chain attack to date.
We will dive into both the technical details of how well crafted the xz backdoor was and the ecosystem of fake accounts that was created around the backdoor in order to achieve the attacker's ultimate goal: to backdoor every Linux server in the world that uses systemd.
DFIR Kung Fu
Kevin Ripa, SANS Senior Instructor
What are we doing wrong and how can we fix it? What happens when badness happens before we can fix things? Where is my data? What is important from a DFIR perspective? All these questions and more will be answered in this presentation. We will cover how the adversary compromises you, and then how to rapidly respond. This is not a "step-by-step", but rather an overview of how we need to change the current mindset regarding acquisition and analysis of data in an investigation.
Bojan Zdrnja is a globally respected cybersecurity expert and CTO at INFIGO IS, renowned for his leadership in offensive security, red teaming, and his extensive contributions to the SANS Internet Storm Center and European cybersecurity initiatives.
Kevin Ripa has transformed the global cybersecurity landscape through decades of frontline digital forensics, assisting law enforcement, governments, and Fortune 500 companies in unraveling sophisticated cyberattacks and nation-state threats.