Our talk titled “The Poisoned Diary: Supply Chain Attacks on Install Scripts” was accepted at this year’s @Appsec_Village @DEFCON 29.
UPDATE: It will take place on Sunday, August 8th, at 9:05 AM PST / 12:05 PM EDT. Details can be found here – Q&A will take place on DEFCON’s Discord server.
[…] As part of our ongoing research into supply chain attacks, we have been analyzing bash installer scripts that use the “curl | bash” pattern. Oracle provides such a script to install the CLI for interacting with Oracle Cloud. However, there was no way to check whether the files that the script downloads are legitimate, which could expose the end user to supply chain attacks. The installer is run as follows: […]
[…] As part of our ongoing research into supply chain attacks, we have been analyzing bash installer scripts that use the “curl | bash” pattern. Google provides such a script to install the Cloud SQL proxy. However, the documentation doesn’t indicate how to verify downloaded files prior to execution. […]