logo
securityArticlesConferencesPresentations

Breaking the Chain: An Attacker's Perspective on Supply Chain Vulnerabilities and Flaws

Conference:  Black Hat Asia 2023

2023-05-12

Authors:   Yakir Kadkoda, Ilay Goldman

Abstract

Our talk divides the cloud development flow into 5 phases: IDE, SCM, package managers, CI/CD and Artifacts. We will demonstrate how supply chain attacks can affect organizations at each phase. This includes the risks of cloud, platforms, and application development, as well as the attacker's perspective on how to exploit these areas.We will unveil vulnerabilities and flaws in popular platforms corresponding to each one of the areas. We will also talk about the eco-system and how developers are working with these platforms. Finally, we will show our original research including vulnerabilities and flaws in various platforms and talk about each finding and its implications and mitigations.
Materials:
Tags:
Cloud Development
IDE
SCM
package managers
CI/CD

Post a comment

Related work

Exploiting Vulnerabilities and Flaws to Attack Supply Chain

Conference:  RSA Conference 2023
Authors: Ilay Goldman, Yakir Kadkoda
2023-04-24

Dive into Apple IO80211FamilyV2

Conference:  BlackHat USA 2020
Authors:
2020-08-06

Building SLSA 3 Conforment Attestors for Artifacts Generated on GitHub

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Ian Lewis, Asra Ali
2023-04-21

Do You Speak My Language? Make Static Analysis Engines Understand Each Other

Conference:  BlackHat USA 2021
Authors:
2021-08-04

Web2Own: Attacking Desktop Apps From Web Security's Perspective

Conference:  Defcon 27
Authors:
2019-08-01

Owfuzz: WiFi Nightmare

Conference:  BlackHat USA 2021
Authors:
2021-11-10