Gregory's Server@tinker I've been thinking about how much time and effort went into selecting XZ as a target. It probably wouldn't be that hard to create a tool which searched the most commonly used open source projects and sorted them by the number of active maintainers.
|
8 comments
@tychotithonus @tinker So, this isn't the space I normally play in (being a Windows guy, for the most part). I just had a chat with @jrwr, and this data is *massively* noisy. The open source ecosystem gets real weird, real quick. Indeed. Like any model, whatever we build may not be fully accurate ... but should hopefully be useful. :D @tinker @nerdpr0f Turning the approach on its head for threat hunting is brilliant! By identifying high-value targets and reviewing their code under the assumption they've already been compromised, we prioritize security from the get-go. This method not only sharpens our focus on potential vulnerabilities but also prepares us to counter sophisticated cyber threats. Itβs a proactive defense strategy, ensuring we're always a step ahead of malicious actors. #CyberSecurity #ThreatHunting   |
@nerdpr0f - Take that idea and flip it! Use it to see what are the first projects that need to be reviewed from a Threat Hunting perspective!
Seriously! Its a great approach you've created!
Specifically identify projects that would be High Value Targets to a malicious actor and then go through the code with the ASSUMPTION THAT THEY HAVE ALREADY BEEN COMPROMISED.
See how many other backdoors and vulns we can find.
#infosec #FOSS #backdoor #xz #xzBackdoor