Community Night Cyber Defence Singapore August 28th

Fighting the Impossible: Supply Chain Attacks

Bojan Zdrnja, SANS Senior Instructor

In the last few years we have witnessed many supply chain attacks. The severity of the risk resulting from supply chain attacks has been recognized by many regulations, including NIS2 in Europe, which aims to prepare organizations to address supply chain attacks.

In this presentation we will go through several supply chain attacks and pay special attention to the xz SSH backdoor supply chain attack, which is almost certainly the most sophisticated and well-prepared supply chain attack to date.

We will dive into both the technical details of how well crafted the xz backdoor was and the ecosystem of fake accounts that was created around it in order to achieve the attacker's ultimate goal: backdooring every Linux server in the world that uses systemd.

This talk will cover the fundamentals of writing asynchronous code in Python. It will include common keywords such as async and await, as well as usage of the asyncio standard library. The talk will demonstrate these by extending the malware written on Day 5 of SEC573 to use an asynchronous approach.

DFIR Kung Fu

Kevin Ripa, SANS Senior Instructor

What are we doing wrong and how can we fix it? What happens when badness happens before we can fix things? Where is my data? What is important from a DFIR perspective? All these questions and more will be answered in this presentation. We will cover how the adversary compromises you, and then how to rapidly respond. This is not a "step-by-step", but rather an overview of how we need to change the current mindset regarding acquisition and analysis of data in an investigation.