FIRST CTI Conference 2025: Software Supply Chain Security Insights

Source video: 2025 FIRST CTI Conference – Day 2 Plenary Sessions – Live Stream

Paul McCarty delivered a compelling talk at the FIRST CTI Conference 2025 in Germany, focusing on Software Supply Chain Security and Cyber Threat Intelligence (CTI). His presentation highlighted critical risks in modern development pipelines, including malicious npm packages and vulnerable dependencies.

You Should Know: Essential Commands & Practices for Software Supply Chain Security

1. Detecting Malicious npm Packages

To audit npm dependencies for known vulnerabilities:

npm audit

For deeper analysis:

npm ls --all     # list the full dependency tree, including transitive packages
npx snyk test    # Snyk vulnerability scan
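As an added example (not from the talk or this post), the following Python check goes one step beyond `npm audit`: it walks a `package-lock.json` (a constructed sample is embedded; the `.invalid` hosts and hash values are placeholders) and flags entries that lack an `integrity` hash, resolve to a host other than the public registry, or point at a git/non-HTTPS source. These are the "unverified dependencies" a pipeline should refuse to build.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the lockfileVersion 3 layout; not a real project.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-PLACEHOLDER",
        },
        "node_modules/no-hash": {  # pinned, but no integrity hash to verify
            "version": "2.0.1",
            "resolved": "https://registry.npmjs.org/no-hash/-/no-hash-2.0.1.tgz",
        },
        "node_modules/mirror-pkg": {  # fetched from an unexpected host
            "version": "0.9.0",
            "resolved": "https://example-mirror.invalid/mirror-pkg-0.9.0.tgz",
            "integrity": "sha512-PLACEHOLDER",
        },
        "node_modules/from-git": {  # VCS source, no registry, no hash
            "version": "1.0.0",
            "resolved": "git+ssh://git@example.invalid/org/from-git.git#abc123",
        },
    },
})

TRUSTED_HOSTS = {"registry.npmjs.org"}

def audit_lockfile(lock_text, trusted_hosts=TRUSTED_HOSTS):
    """Return (package path, reason) findings for dependencies that cannot be
    verified against the trusted registry. Workspace links are skipped."""
    findings = []
    for path, entry in json.loads(lock_text).get("packages", {}).items():
        if path == "" or entry.get("link"):  # root project / workspace symlink
            continue
        resolved = entry.get("resolved")
        if not resolved:
            findings.append((path, "no resolved URL (unpinned source)"))
            continue
        url = urlparse(resolved)
        if url.scheme != "https":
            findings.append((path, f"non-HTTPS or VCS source: {url.scheme}"))
        elif url.hostname not in trusted_hosts:
            findings.append((path, f"untrusted host: {url.hostname}"))
        if not entry.get("integrity"):
            findings.append((path, "missing integrity hash"))
    return findings

if __name__ == "__main__":
    for path, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{path}: {reason}")
```

Run against the sample it reports four findings across three packages; a non-empty result is the signal to fail the build step.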

2. SBOM (Software Bill of Materials) Generation

Generate an SBOM using Syft:

syft scan dir:./ --output spdx-json=sbom.json

Scan the SBOM for known vulnerabilities with Grype:

grype sbom:sbom.json

3. Linux Security Hardening for CI/CD Pipelines

Restrict container privileges:

docker run --read-only --security-opt no-new-privileges <image>

Check for suspicious processes:

ps aux | grep -E '(curl|wget|sh -c)' | grep -v grep    # the trailing grep drops the search process itself

4. Windows Defender for Supply Chain Attacks

Scan for suspicious DLLs:

Get-ChildItem -Path C:\ -Include *.dll -Recurse -ErrorAction SilentlyContinue | Select-String -Pattern "malicious_code"

Log process executions:

Get-WinEvent -LogName "Microsoft-Windows-Sysmon/Operational" | Where-Object {$_.ID -eq 1}    # Sysmon Event ID 1 = process creation

5. YARA Rules for Detecting Compromised Packages

Example rule to detect obfuscated JavaScript:

rule Suspicious_JS_Obfuscation {
    meta:
        description = "Detects heavily obfuscated JavaScript"
    strings:
        $eval   = "eval("
        $base64 = /[A-Za-z0-9+\/]{50,}={0,2}/
    condition:
        any of them
}

What Undercode Says

Software supply chain attacks are escalating, with attackers exploiting weak links in open-source dependencies, CI/CD misconfigurations, and insider threats. Key takeaways:
– Monitor dependencies (npm audit, snyk)
– Enforce least privilege in pipelines (--read-only, no-new-privileges)
– Generate and analyze SBOMs (syft, grype)
– Detect anomalies with YARA and Sysmon

Expected Output:

A secure CI/CD pipeline with:

  • Zero unverified dependencies
  • Immutable infrastructure
  • Real-time threat detection

Reference:

FIRST CTI Conference 2025 Program

Reported By: Mccartypaul Threatintel – Hackers Feeds