Speaker
Description
CVE-2024-3094 is the infamous XZ backdoor incident: a supply-chain attack in which a malicious actor injected a hidden malware blob into the XZ Utils software packages after successfully becoming one of the project's maintainers. The backdoor made it into Debian and Ubuntu development versions but, at the very last moment, was caught and stripped out by the community.
This talk demonstrates a step-by-step process to safely extract the malware payload from the tainted XZ Utils release tarballs on an Ubuntu system. It is recommended for beginners who are interested in open-source software security and would like a glimpse of how such malicious practices may be identified in practice. This talk only covers extracting the injected malware blob, not reverse engineering it.
What audience can learn
- How to safely investigate a potentially maliciously modified file.
- How to properly verify whether the software is really from a specific publisher.
- The typical build process of GNU Autoconf-based software.
- Comparing the differences between vanilla and modified software.
Things to know or prepare for this session
The audience needs to have a basic understanding of:
- Unix command-line operation
- Container and virtual machines
Biography
林博仁 (Buo-ren, Lin) is a long-time Ubuntu user and promoter who has mainly contributed to Ubuntu localization (L10N) and Snap packaging. As a former DevOps engineer at SinoItan Technology, Ltd., he has investigated and provided insights into many security incidents.
Summary
This talk demonstrates a step-by-step process to safely extract the malware payload from the tainted XZ Utils release tarballs on an Ubuntu system.
| Difficulty level | Beginner |
|---|---|