Rob O :verified:

@tinker I've been thinking about how much time and effort went into selecting XZ as a target. It probably wouldn't be that hard to create a tool which searched the most commonly used open source projects and sorted them by the number of active maintainers.

8 comments
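As an added illustration of the tool sketched in the post above (example code, not code from the thread or from any participant): rank projects by how many maintainers are actually active, computed from commit metadata. The project names, e-mail addresses and commit dates are constructed, as are the "active" thresholds; a real run would feed it `git log --format='%ae %ad' --date=short` output from each checkout.

```python
"""Rank open-source projects by how many maintainers are actually active.

Added example sketching the tool described in the post above; it is not
code from the thread. Commit records are constructed here so the script
runs offline; a real run would parse `git log --format='%ae %ad'
--date=short` from each repository checkout.
"""
from collections import defaultdict
from datetime import date, timedelta

AS_OF = date(2024, 4, 1)  # "today" for the constructed data


def _burst(project, author, start, n):
    """n weekly commits by one author, starting at `start` (constructed data)."""
    return [(project, author, start + timedelta(days=7 * i)) for i in range(n)]


# Constructed sample: (project, author e-mail, commit date). None of these
# projects or people are real.
COMMITS = (
    _burst("libalpha", "alice@example.org", date(2023, 6, 1), 10)
    + _burst("libalpha", "bob@example.org", date(2021, 1, 1), 8)    # went quiet in 2021
    + _burst("libbeta", "carol@example.org", date(2023, 9, 1), 6)
    + _burst("libbeta", "dave@example.org", date(2023, 10, 1), 7)
    + _burst("libgamma", "erin@example.org", date(2023, 5, 1), 5)
    + _burst("libgamma", "frank@example.org", date(2023, 5, 1), 5)
    + _burst("libgamma", "grace@example.org", date(2024, 1, 1), 5)
    + _burst("libgamma", "heidi@example.org", date(2024, 3, 1), 2)  # drive-by patches
)


def active_maintainers(commits, project, as_of=AS_OF, window_days=365, min_commits=5):
    """Authors with at least `min_commits` commits to `project` in the window.

    Both thresholds are assumptions; tune them per ecosystem. The commit floor
    keeps one-off contributors from inflating the count, which is exactly the
    noise the thread complains about.
    """
    cutoff = as_of - timedelta(days=window_days)
    counts = defaultdict(int)
    for proj, author, day in commits:
        if proj == project and cutoff <= day <= as_of:
            counts[author] += 1
    return sorted(a for a, n in counts.items() if n >= min_commits)


def rank_projects(commits, as_of=AS_OF, **thresholds):
    """Projects ordered fewest-active-maintainers first: the soft targets."""
    projects = sorted({c[0] for c in commits})
    rows = [(p, active_maintainers(commits, p, as_of, **thresholds)) for p in projects]
    return sorted(rows, key=lambda row: (len(row[1]), row[0]))


if __name__ == "__main__":
    for project, maintainers in rank_projects(COMMITS):
        print(f"{project:10} active={len(maintainers)}  {', '.join(maintainers)}")
```

Widening the window or lowering the commit floor changes who counts as a maintainer, which is where most of the noise comes from: `bob@example.org` appears only when the window reaches back to 2021, and the drive-by contributor never reaches the floor.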
Tinker ☀️

@nerdpr0f - Take that idea and flip it! Use it to see what are the first projects that need to be reviewed from a Threat Hunting perspective!

Seriously! It's a great approach you've created!

Specifically identify projects that would be High Value Targets to a malicious actor and then go through the code with the ASSUMPTION THAT THEY HAVE ALREADY BEEN COMPROMISED.

See how many other backdoors and vulns we can find.

#infosec #FOSS #backdoor #xz #xzBackdoor

Rob O :verified:

@tychotithonus @tinker So, this isn't the space I normally play in (being a Windows guy, for the most part). I just had a chat with @jrwr, and this data is *massively* noisy. The open source ecosystem gets real weird, real quick.

Royce Williams

@nerdpr0f

Indeed. Like any model, whatever we build may not be fully accurate ... but should hopefully be useful. :D

@tinker @jrwr

DELETED

@tinker @nerdpr0f Turning the approach on its head for threat hunting is brilliant! By identifying high-value targets and reviewing their code under the assumption they've already been compromised, we prioritize security from the get-go. This method not only sharpens our focus on potential vulnerabilities but also prepares us to counter sophisticated cyber threats. It’s a proactive defense strategy, ensuring we're always a step ahead of malicious actors. #CyberSecurity #ThreatHunting

😀🚲

@nerdpr0f @tinker how many libraries are situated where an exploit could be involved in the early phases of auth code?

Rob O :verified:

@enobacon @tinker Probably not a ton, but there's a bunch of other ways one could design the trigger.

Farce Majeure

@nerdpr0f @tinker Adding maintainers got us here. It's probably more useful to sort them by how many functions with the ifunc attribute they have ;)
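An added example (not from the thread or any participant) implementing the ifunc heuristic in the reply above: count `__attribute__((ifunc(...)))` declarations per C source file and rank files by that count. The C fragments are constructed stand-ins. GCC accepts both the `ifunc` and `__ifunc__` spellings of the attribute, so the regex takes either; it is a purely textual check and will miss ifuncs wrapped in project-specific macros.

```python
"""Count GNU ifunc declarations per source file.

Added example following the remark above; it is not code from the thread.
The C snippets below are constructed stand-ins, not real project sources.
GCC accepts both `ifunc` and `__ifunc__` as the attribute name, so the
regex takes either; it will miss ifuncs hidden behind project macros.
"""
import os
import re

IFUNC_ATTR = re.compile(
    r'__attribute__\s*\(\(\s*(?:__)?ifunc(?:__)?\s*\(\s*"([^"]+)"\s*\)\s*\)\)'
)
# The last `identifier(` before the attribute is taken as the declared symbol.
CALLABLE_DECL = re.compile(r"(\w+)\s*\(")


def find_ifuncs(source):
    """Return [(symbol, resolver), ...] for each ifunc attribute in `source`."""
    hits = []
    for m in IFUNC_ATTR.finditer(source):
        decls = CALLABLE_DECL.findall(source[: m.start()])
        symbol = decls[-1] if decls else "?"
        hits.append((symbol, m.group(1)))
    return hits


def rank_by_ifunc(sources):
    """Given {path: source}, order files by ifunc count, most first."""
    counts = [(path, len(find_ifuncs(src))) for path, src in sources.items()]
    return sorted(counts, key=lambda row: (-row[1], row[0]))


def scan_tree(root, exts=(".c", ".h")):
    """Read every C source under `root` and rank it; for use on a checkout."""
    sources = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    sources[os.path.relpath(path, root)] = fh.read()
    return rank_by_ifunc(sources)


# Constructed sample: a CRC module whose implementation is chosen by a
# resolver that the dynamic loader runs before main().
SAMPLE_C = r"""
#include <stdint.h>
static uint32_t crc32_generic(const uint8_t *b, size_t n, uint32_t c);
static uint32_t crc32_clmul(const uint8_t *b, size_t n, uint32_t c);

static void *crc32_resolve(void) {
    return cpu_has_clmul() ? (void *)crc32_clmul : (void *)crc32_generic;
}
uint32_t crc32(const uint8_t *b, size_t n, uint32_t c)
    __attribute__((__ifunc__("crc32_resolve")));

uint64_t crc64(const uint8_t *b, size_t n, uint64_t c)
    __attribute__ ((ifunc ("crc64_resolve")));

static void init(void) __attribute__((constructor));
"""

# Constructed sample with attributes but no ifunc.
PLAIN_C = r"""
static void init(void) __attribute__((constructor));
int main(void) { init(); return 0; }
"""


if __name__ == "__main__":
    for path, n in rank_by_ifunc({"check/crc32_fast.c": SAMPLE_C, "main.c": PLAIN_C}):
        print(f"{n:3}  {path}")
    for sym, resolver in find_ifuncs(SAMPLE_C):
        print(f"  {sym} -> resolved by {resolver}()")
```

On a real checkout call `scan_tree("/path/to/repo")`; the resolver names it prints are the functions worth reading first, since a resolver runs at load time with no arguments and a free choice of which implementation the rest of the program will call.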
