Poisoning Pidgins in the Park

By Johnny Xmas

Elevator Pitch

This talk is a play-by-play of a hobbyist’s incident response to an active supply-chain attack against a very popular free and open-source (FOSS) communication tool. The attack involved not only the implementation of malicious code, but also a heavy dose of social engineering.

Description

A Great Talk for Aspiring Security Professionals! If you’ve ever found yourself stuck in the frustrating loop of “How can I get a job if I have no experience because I can’t get a job?”, this session is for you. Discover how a hobbyist—armed only with curiosity and spare time—took on an active supply-chain attack against the popular FOSS communication tool, Pidgin. In this talk, you’ll learn all about the step-by-step incident response process: from spotting red flags in the code to countering advanced social engineering ploys orchestrated by a crafty threat actor across multiple platforms. It’s a real-world example that shows how anyone—even with zero professional security background—can become an effective defender.