Attacking the Source: Surreptitious Software Features (and How to Become Extremely Paranoid)

Presented at The Eleventh HOPE (2016), July 23, 2016, 11 p.m. (60 minutes).

Forget about network perimeters - an organization's real attack surface is made up of which codebases can be interacted with or altered. This talk explores the past history and the methods available for maliciously altering codebases and it even includes how an attacker can bring their code into your organization without even touching your perimeter. Topics covered include everything from conceptualizing an attack path to the execution of it; including obtaining relevant target information, exploiting the human element, writing plausibly deniable vulnerable source code, and backdooring binaries.


Presenters:

  • Joshua
    Joshua is a red teamer and former infantryman who thoroughly enjoys getting into an attacker mindset.

Links: