Hack Your Lunch: A Live Demo of How Your Supply Chain is Getting Pwned! presented at SupplyChainCybersecuritySummit 2019

by Brandon Helms

Summary: Working as a Red Teamer has challenged my thinking and helped build solutions to previously unsolved problems. One of the more interesting solutions that I have helped engineer revolved around using the developer to enable the deployment of our tools. In this presentation, we will demonstrate the impact of a developer being compromised and the exponential impact that can result from it. In this hands-on demo, we will reconstruct an engagement where a developer was compromised and the attacker (a Red Teamer in this case) was able to inject malicious code into the production code base, which in turn enabled remote access to any user that executed that code. You will be able to see the impact from both the developer's point of view and the attacker's. Afterwards, we will decompose the indicators and speak to best practices when using centralized code repositories and engineering production-based workflows.