Krakow, Poland, 19 - 21 June 2024
Take a step into the world of black hat hacking groups and follow them step by step through a supply chain attack.
Software supply chain attacks have become alarmingly more prominent over the past years. Successful exploits have changed the economics adversaries use allowing them to conduct more sophisticated attacks which have wide-reaching implementations. This presentation will focus on exactly how adversaries target and exploit the software supply chain.
We first examine broadly what supply chains are using the SLSA framework and take a short journey into the interesting world of hacker economics, hackanomics if you like. Here we will explain the relationship between financial risk and reward that drives malicious actors' activities, further exploring why attacking the supply chain flipped previous economic models on this on their head.
Next, we will focus our attention on three different methods of attacking the supply chain, these are:
In the final stretch, we'll synthesize our findings into effective defense strategies, emphasizing the concept of inside-out security, breach detection, and containment.
Software supply chain attacks have become alarmingly more prominent over the past years. Successful exploits have changed the economics adversaries use allowing them to conduct more sophisticated attacks which have wide-reaching implementations. This presentation will focus on exactly how adversaries target and exploit the software supply chain.
We first examine broadly what supply chains are using the SLSA framework and take a short journey into the interesting world of hacker economics, hackanomics if you like. Here we will explain the relationship between financial risk and reward that drives malicious actors' activities, further exploring why attacking the supply chain flipped previous economic models on this on their head.
Next, we will focus our attention on three different methods of attacking the supply chain, these are:
- Attacking the CI/CD pipeline
- Breaching the version control systems (VCS)
- Poisoning open-source dependencies
- Abusing AI LLMS
In the final stretch, we'll synthesize our findings into effective defense strategies, emphasizing the concept of inside-out security, breach detection, and containment.
Mackenzie Jackson
GitGuardian
Mackenzie is a developer and security advocate with a passion for DevOps and application security. As the co-founder and former CTO of the health tech company Conpago, he learned first-hand how critical it is to build secure applications with robust developer operations.
Today Mackenzie continues his passion for security by working with the GitGuardian research team to uncover the latest trends malicious actors are using. Mackenzie is also the host of The Security Repo podcast, an established security writer, and an experienced global speaker.
Today Mackenzie continues his passion for security by working with the GitGuardian research team to uncover the latest trends malicious actors are using. Mackenzie is also the host of The Security Repo podcast, an established security writer, and an experienced global speaker.
Ticket prices will go up in...
176
Days
:
11
Hours
:
55
Minutes
:
02
Seconds
You missed out!
Venue address
ICE Krakow, ul. Marii Konopnickiej 17
Phone
+48 691 793 877
info@devoxx.pl