Cork|Sec 148
Details
Running since June 2013, we host 1-2 talks every month focused on Security or Technology, followed by socialising with like-minded people. You can find out exactly what to expect from the night and the venue in the What We're About section of our Meetup page. Past talk details are on our wiki at http://corksec.com/. Anyone with any sort of interest or level of knowledge in Security, Hacking and Emerging Technology is more than welcome to attend, and feel free to bring like-minded colleagues and friends.
CorkSec is made possible through generous sponsorship from our Platinum Sponsor Trend Micro, Gold Sponsor CyberSkills, as well as our Silver and Bronze Sponsors featured prominently on the night.
Doors open at 19:00 with talks starting at 19:15. The talks are listed below.
TALK 1: How can we abuse AI hallucinations to feed the already bloated software supply chain - Nigel Douglas
Generative AI has already become that semi-autonomous software developer in our pockets; that's a reality for almost all of us in software security. However, as Uncle Ben would say, "with great power comes great responsibility". The tool that is providing us with benefits in software development is simultaneously responsible for creating a whole new software supply chain risk called slopsquatting. Similar to typosquatting, slopsquatting exploits AI’s tendency to hallucinate. By suggesting non-existent software packages from public repositories like PyPI or Docker Hub, hackers are coming up with new and creative ways to distribute malware. An adversary monitoring these “phantom” packages can register them with malicious payloads, turning a harmless AI mistake into a silent supply chain compromise. This talk explores how slopsquatting works in the wild, real-world report findings of the attack chain, and strategies for defending against it. If your build pipeline trusts public upstreams, I'm afraid your trusty AI companion might just be doing the recon for your attacker.
TALK 2: Rapid DNS Abuse Mitigation: Collaboration, Evidence, and Impact - Rick Hansen
Rick will cover:
* How CleanDNS integrates with registrars and registries for rapid suspension (sometimes in seconds)
* The importance of strong evidencing standards and what that enables in practice
* Practical takeaways for the group on DNS abuse mitigation