Elevator Pitch
This talk is a play-by-play of a hobbyist’s incident response to an active supply-chain attack against a very popular free and open-source (FOSS) communication tool. The attack involved not only malicious code but also a heavy dose of social engineering.
Description
A Great Talk for Aspiring Security Professionals!
Discover how a hacker hobbyist—armed only with curiosity and spare time—took on an active supply-chain attack against the popular FOSS communication tool, Pidgin. In this talk, you’ll learn all about the step-by-step incident response process: from spotting red flags in the code to countering advanced social engineering ploys orchestrated by a crafty threat actor across multiple platforms. It’s a real-world example that shows how anyone—even with zero professional security background—can become an effective defender and give back to the community.
If you’ve ever found yourself stuck in the frustrating loop of “How can I get a job if I have no experience because I can’t get a job?”, this session is for you.