Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore advanced supply chain attack methodologies in this 20-minute conference talk that examines how threat actors exploit CI/CD build pipelines to compromise critical open source packages. Learn about the evolution from traditional supply chain vulnerabilities to sophisticated "living off the pipeline" techniques, using the 2024 XZ compression library compromise as a foundational case study. Discover how attackers leverage legitimate build tools as weapons, escalate privileges within development environments, and maintain persistence while avoiding detection. Examine a comprehensive threat modeling approach that adapts MITRE's ATT&CK framework specifically for CI/CD environments, enabling security professionals to map build pipeline tactics to known attack patterns. Analyze real-world forensic evidence from recent supply chain compromises to understand adversarial behavior patterns and attack vectors. Gain practical methodologies for proactively identifying emerging threats in your own build pipelines, implementing defensive strategies against advanced persistent threats, and developing incident response capabilities for supply chain security breaches. Master the skills needed to predict and counter the next generation of XZ-like attacks before they can achieve widespread impact across the software ecosystem.
