Understanding Typosquatting in Language-Based Package Ecosystems


Typosquatting in language-based package ecosystems refers to the malicious practice of registering package names that closely resemble those of popular packages or libraries, with the intention of tricking developers into downloading malware or compromised software. This threat vector is a serious issue because it can lead to the inadvertent installation of malicious code, compromising the security of the software supply chain.


Uploaded on Apr 03, 2024



Presentation Transcript


  1. EXERCISE #37: SUPPLY CHAIN SECURITY REVIEW. Write your name and answer the following on a piece of paper: Describe what typosquatting is in language-based package ecosystems and why it is a threat vector.

  2. Coding Project Clarifications (ADMINISTRIVIA AND ANNOUNCEMENTS)

  3. This is the last lecture on new material (ADMINISTRIVIA AND ANNOUNCEMENTS)

  4. (ANTI) REVERSE ENGINEERING EECS 677: Software Security Evaluation Drew Davidson

  5. WHERE WE'RE AT (GRAB-BAG TOPICS!)

  6. PREVIOUSLY: SUPPLY CHAIN SECURITY (LECTURE REVIEW). Software supply chain security: supply chain overview, threats, defenses

  7. THIS LECTURE: REVERSE ENGINEERING. Goals, challenges, tools, evasion

  8. WHY DO WE NEED REVERSE ENGINEERING? (OVERVIEW). Simple answer: IP theft! Possibly-legitimate answer: IP theft of malware. Answer that some people buy: analysis of possibly-legitimate binary-only software

  9. PURELY STATIC APPROACHES (CHALLENGES). Diagram: Binary File (Program, Library, etc.), Source Code, Assembly Text

  10. WHAT ABOUT DYNAMIC APPROACHES? (ISSUES)

  11. CHALLENGES (OVERVIEW)

  12. FOCUS ON DISASSEMBLY (ISSUES). Diagram: Binary File (Program, Library, etc.), Source Code, Assembly Text. Why is this hard? Obfuscation!

  13. FUNDAMENTALLY A LOSING GAME (ISSUES). Execution needs less information than compilation, exacerbated by optimization. Implicit protocols are fine for execution, not for understanding.

  14. INSTRUCTION RE-INTERPRETATION (CHALLENGES)

  15. TIME BOMBS (CHALLENGES)

  16. PACKING (CHALLENGES)
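Packing is listed above as a challenge because the real code is compressed or encrypted until run time and a disassembler sees only the stub plus a blob. The cheapest triage step an analyst takes before loading a sample into Ghidra is to measure how random each section looks. The following is an added example, not code from the lecture or from any tool the lecture names: a Shannon-entropy check per section, plus a sliding window that locates a high-entropy blob embedded inside an otherwise normal section, so a packed payload is not averaged away. The 7.0 bits/byte cutoff, the section names and all byte buffers are constructed assumptions for illustration; no real binary is read.

```python
"""Entropy heuristic for spotting packed code (added example, not from the lecture).

A packer compresses or encrypts the original program and unpacks it at run
time, so the packed region looks nearly random, while plain machine code and
strings are far more regular. Measuring Shannon entropy per section, or over
a sliding window, is a cheap first triage step before opening a sample in a
disassembler. The byte buffers below are constructed; no real binary is read.
"""
import math
import random
from collections import Counter

# Assumption: a common rule-of-thumb cutoff in bits per byte; the maximum is 8.0.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in Counter(data).values()))


def looks_packed(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    return shannon_entropy(data) >= threshold


def section_report(sections: dict[str, bytes]) -> dict[str, tuple[float, bool]]:
    """Per-section entropy (rounded) and packed verdict, as a triage table."""
    return {name: (round(shannon_entropy(data), 2), looks_packed(data))
            for name, data in sections.items()}


def high_entropy_windows(data: bytes, window: int = 512,
                         threshold: float = PACKED_THRESHOLD) -> list[tuple[int, int]]:
    """Offsets [start, end) of fixed-size windows above the threshold, merged
    when adjacent, so a packed blob inside a mostly normal section is located."""
    ranges = []
    for start in range(0, len(data), window):
        chunk = data[start:start + window]
        if shannon_entropy(chunk) >= threshold:
            end = start + len(chunk)
            if ranges and ranges[-1][1] == start:
                ranges[-1] = (ranges[-1][0], end)   # extend the previous range
            else:
                ranges.append((start, end))
    return ranges


# Constructed stand-ins for sections of a sample. Real code bytes are not this
# repetitive, but they are far from uniform; a seeded PRNG stands in for packed
# data so the example is reproducible.
_rng = random.Random(677)
# x86-64 prologue/epilogue (push rbp; mov rbp,rsp; sub rsp,0x20; mov rax,[rbp-8]; ret) repeated
CODE_LIKE = b"\x55\x48\x89\xe5\x48\x83\xec\x20\x48\x8b\x45\xf8\xc3" * 200
TEXT_LIKE = b"This program cannot be run in DOS mode. " * 50
PACKED_LIKE = _rng.randbytes(4096)
# a packed blob sitting between readable text and zero padding
MIXED = TEXT_LIKE[:1024] + PACKED_LIKE[:2048] + bytes(1024)

SAMPLE_SECTIONS = {
    ".text": CODE_LIKE,
    ".rdata": TEXT_LIKE,
    ".packed": PACKED_LIKE,
    ".mixed": MIXED,
}

if __name__ == "__main__":
    for name, (bits, packed) in section_report(SAMPLE_SECTIONS).items():
        print(f"{name:<8} {bits:5.2f} bits/byte  {'PACKED?' if packed else 'ok'}")
    print("high-entropy ranges in .mixed:", high_entropy_windows(MIXED))
```

Entropy alone is a heuristic, not proof: compressed resources, embedded certificates and encrypted configuration all score high, and a packer that pads its output with low-entropy filler can pull the section average below the cutoff, which is why the windowed view matters. A hit means "unpack or run it under a debugger before trusting the static listing", nothing more.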

  17. TOOLS. New answer: Ghidra. Old answer: IDA Pro + Hex-Rays

  18. GHIDRA (REVERSE ENGINEERING: TOOLS)

  19. GHIDRA: HISTORY (REVERSE ENGINEERING: TOOLS). Internal project by the NSA since at least 2017, likely used for much longer

  20. GHIDRA: DEVELOPMENT (REVERSE ENGINEERING: TOOLS). Available from the NSA GitHub page: https://github.com/NationalSecurityAgency/ghidra/releases. C++ decompiler, frontend interface in Java+Swing. Facilities for both static reverse engineering and program exploration (i.e. debugging)

  21. WRAP-UP (SOFTWARE SUPPLY CHAINS). Reverse engineering is hard! Some heuristic techniques might be OK

  22. THAT'S ALL FOLKS! (SOFTWARE SUPPLY CHAINS). This marks the end of new material in the class

  23. THANKS FOR YOUR QUESTIONS! (SOFTWARE SUPPLY CHAINS). Special thanks to everyone that posted on Piazza
