Understanding Typosquatting in Language-Based Package Ecosystems

Slide Note
Embed
Share

Typosquatting in language-based package ecosystems refers to the malicious practice of registering domain names that are similar to popular packages or libraries with the intention of tricking developers into downloading malware or compromised software. This threat vector is a serious issue as it can lead to the inadvertent installation of malicious code, compromising the security of software supply chains.

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

maia
maia Follow

Uploaded on Apr 03, 2024 | 0 Views

Presentation Transcript

  1. EXERCISE #37 SUPPLY CHAIN SECURITY REVIEW Write your name and answer the following on a piece of paper Describe what typosquatting is in language-based package ecosystems and why it is a threat vector. 1

  2. Coding Project Clarifications ADMINISTRIVIA AND ANNOUNCEMENTS

  3. This is the last lecture on new material ADMINISTRIVIA AND ANNOUNCEMENTS

  4. (ANTI) REVERSE ENGINEERING EECS 677: Software Security Evaluation Drew Davidson

  5. 5 WHERE WE RE AT GRAB-BAG TOPICS!

  6. 6 PREVIOUSLY: SUPPLY CHAIN SECURITY LECTURE REVIEW SOFTWARE SUPPLY CHAIN SECURITY Supply chain overview Threats Defenses

  7. 7 THIS LECTURE REVERSE ENGINEERING REVERSE ENGINEERING Goals Challenges Tools Evasion

  8. 8 WHY DO WE NEED REVERSE ENGINEERING? OVERVIEW SIMPLE ANSWER: IP theft! POSSIBLY-LEGITIMATE ANSWER IP theft of malware ANSWERTHATSOMEPEOPLEBUY Analysis of possibly-legitimate binary-only software

  9. 9 PURELY STATIC APPROACHES CHALLENGES Binary File (Program, Library, etc.) Source Code Assembly Text

  10. 10 WHAT ABOUT DYNAMIC APPROACHES? ISSUES

  11. 11 CHALLENGES OVERVIEW

  12. 12 FOCUS ON DISASSEMBLY ISSUES Binary File (Program, Library, etc.) Source Code Assembly Text Why is this hard? Obfuscation!

  13. 13 FUNDAMENTALLY A LOSING GAME ISSUES Execution needs less information than compilation, exacerbated by optimization Implicit protocols are fine for execution, not for understanding

  14. 14 INSTRUCTION RE-INTERPRETATION CHALLENGES

  15. 15 TIME BOMBS CHALLENGES

  16. 16 PACKING CHALLENGES

  17. 17 TOOLS TOOLS NEW ANSWER Ghidra OLD ANSWER Ida Pro + Hex Rays

  18. 18 GHIDRA REVERSE ENGINEERING: TOOLS

  19. 19 GHIDRA: HISTORY REVERSE ENGINEERING: TOOLS Internal project by the NSA since at least 2017, likely used for much longer

  20. 20 GHIDRA: DEVELOPMENT REVERSE ENGINEERING: TOOLS AVAILABLEFROMTHE NSA GITHUBPAGE https://github.com/NationalSecurityAgency/ghidra/releases C++ decompiler, frontend interface in Java+Swing Facilities for both static reverse engineering and program exploration (i.e. debugging)

  21. 21 WRAP-UP SOFTWARE SUPPLY CHAINS REVERSE ENGINEERINGIS HARD! Some heuristic techniques might be ok

  22. 22 THAT S ALL FOLKS! SOFTWARE SUPPLY CHAINS THISMARKSTHEENDOFNEWMATERIALINTHECLASS

  23. 23 THANKS FOR YOUR QUESTIONS! SOFTWARE SUPPLY CHAINS SPECIAL THANKSTOEVERYONETHATPOSTEDON PIAZZA

Related


Understanding Ecosystems: Types, Components, and Interactions

Understanding Ecosystems: Types, Components, and Interactions

liya
Understanding Fish Ecology: Interactions, Diversity, and Environmental Factors

Understanding Fish Ecology: Interactions, Diversity, and Environmental Factors

birdie
Understanding Translation: Key Concepts and Definitions

Understanding Translation: Key Concepts and Definitions

daniella
Gender Equity Discussion Package in Healthcare

Gender Equity Discussion Package in Healthcare

evelynn
Academic Language Demands and Supports in Instructional Planning

Academic Language Demands and Supports in Instructional Planning

jude
Understanding Ecosystems: Ecological Interactions and Dependencies

Understanding Ecosystems: Ecological Interactions and Dependencies

hannibal
Understanding the Impact of Lead Contamination on Human Health and Ecosystems

Understanding the Impact of Lead Contamination on Human Health and Ecosystems

lapis
Cost-effectiveness of WHO-endorsed Advanced HIV Care Package in Malawi

Cost-effectiveness of WHO-endorsed Advanced HIV Care Package in Malawi

rain
Campus Mail Services Package Shipping Tutorial

Campus Mail Services Package Shipping Tutorial

april
The Significance of Media in Language Learning

The Significance of Media in Language Learning

vanessa
Language and Communication in Society: Understanding Interactions

Language and Communication in Society: Understanding Interactions

alison
Understanding Language: Informative, Expressive, and Directive Uses

Understanding Language: Informative, Expressive, and Directive Uses

atreyu
Exploring Different Ecosystem Types and Functions

Exploring Different Ecosystem Types and Functions

favor
Exploring Onshape: A Cloud-Based 3D CAD Package for Students

Exploring Onshape: A Cloud-Based 3D CAD Package for Students

special
Recent Advances in Large Language Models: A Comprehensive Overview

Recent Advances in Large Language Models: A Comprehensive Overview

anais
Career Opportunities and Challenges in Translation & Interpreting Pedagogy Post-Pandemic

Career Opportunities and Challenges in Translation & Interpreting Pedagogy Post-Pandemic

sacha
Promoting Respectful Language Use for People with Disabilities

Promoting Respectful Language Use for People with Disabilities

eliot
Linguistics: Exploring Language Structure and Morphology

Linguistics: Exploring Language Structure and Morphology

zaria
Understanding Language and Linguistics

Understanding Language and Linguistics

stellan
Understanding Types of Tasks in Language Learning

Understanding Types of Tasks in Language Learning

imelda
People First Language and Identity First Language.

People First Language and Identity First Language.

eleonora
Comprehensive Guide to Dialogic Reading for Language Development

Comprehensive Guide to Dialogic Reading for Language Development

kody
Understanding Batrachospermum: A Freshwater Red Alga

Understanding Batrachospermum: A Freshwater Red Alga

tiberius
R&D Contracting Basics: Submitting a Procurement Package

R&D Contracting Basics: Submitting a Procurement Package

rupert

More Related Content

Comprehensive Overview of ABE Lab Manual and Foundations of Biotech Package
Comprehensive Overview of ABE Lab Manual and Foundations of Biotech Package
Active Tuberculosis Drug Safety Monitoring and Management Training Package 2023
Active Tuberculosis Drug Safety Monitoring and Management Training Package 2023
Pradhan Mantri Gram Sadak Yojana eMARG - Digital Transformation for Rural Roads
Pradhan Mantri Gram Sadak Yojana eMARG - Digital Transformation for Rural Roads
Instructions for Completing GLAAS Country Survey 2024
Instructions for Completing GLAAS Country Survey 2024
A Call To Action Legislative Bill Package Overview as of March 15, 2024
A Call To Action Legislative Bill Package Overview as of March 15, 2024
LIFE: EE4HORECA Presentation on Work Package 5.2 and 3 October 2023, Brussels
LIFE: EE4HORECA Presentation on Work Package 5.2 and 3 October 2023, Brussels
Understanding the Importance of Language Development for Human Flourishing
Understanding the Importance of Language Development for Human Flourishing
Interactive Wiradjuri Language Activities for NSW Languages Week 2023
Interactive Wiradjuri Language Activities for NSW Languages Week 2023
Understanding Language Syntax Through Syntax Trees
Understanding Language Syntax Through Syntax Trees
Understanding Large Language Models in Generative AI
Understanding Large Language Models in Generative AI
Understanding Vowels and Consonants in English Language
Understanding Vowels and Consonants in English Language
Understanding Knowledge-Based Agents in Artificial Intelligence
Understanding Knowledge-Based Agents in Artificial Intelligence
Adhesives which harden without chemical reaction
Adhesives which harden without chemical reaction
Understanding Competency-Based Education in Modern Curricula
Understanding Competency-Based Education in Modern Curricula
Community Language Learning
Community Language Learning
Language Teaching Techniques: GTM, Direct Method & Audio-Lingual Method
Language Teaching Techniques: GTM, Direct Method & Audio-Lingual Method
Mastering English: A Comprehensive Approach to Teaching Language Skills
Mastering English: A Comprehensive Approach to Teaching Language Skills
Free Online Korean Lessons and Resources for Language Learners
Free Online Korean Lessons and Resources for Language Learners
Bayala Dharug Dhalang
Bayala Dharug Dhalang
Talk With Me Speech, Language, and Communication Training for Health Visitors - Version 2, 2024
Talk With Me Speech, Language, and Communication Training for Health Visitors - Version 2, 2024
Exploring the Two Dimensions of Meaning: Similarity and Contiguity in Language and Literature
Exploring the Two Dimensions of Meaning: Similarity and Contiguity in Language and Literature
Language Theory and Development: A Review
Language Theory and Development: A Review
Importance of Learning Foreign Languages in Education
Importance of Learning Foreign Languages in Education
Language Expectations and Functions in Educational Units
Language Expectations and Functions in Educational Units