SlideShare a Scribd company logo

Deceiving developers through malicious software libraries

J
Javier Junquera

RootedCON 2020 talk. In this talk, we showed the research about software dependencies that led us to rule the world for a day. Surprisingly, we could take control of more than 800 developer machines in less than 24 hours with the collusion of the most famous software dependency repositories... And with the "collaboraiton" of the developers ;)

Engineering
1 of 86
Download to read offline
Deceiving software developers through software libraries The day I ruled the world: Cybersecurity Group UAH
$ whoami Javier Junquera Sánchez Cybersecurity researcher & lecturer 2 Carlos Cilleruelo Rodríguez Cybersecurity researcher javier.junquera@uah.es @junquera /in/junquera carlos.cilleruelo@uah.es @carloslannister /in/carlos-cilleruelo/
ProTego https://protego-project.eu/ @protego_project 3 Research and innovation programme under grant agreement No. 826284
Introduction ➔ Rooted 2019 ➔ Homograph attacks ➔ Deep confusables (dataset) 4
Introduction 5
Background ● How many apps have problems with homograph attacks? ● How developer software is dealing with it? ○ IDEs ○ Text Editor ○ Programing languages 6
Background ➔ April 11, 2018 ➔ Still not solved ◆ Whatsapp ◆ Telegram 7
Bounties? 8
Twitter 9
Steam and Facebook 10
11 IDEs, Text Editors and Terminals
Why developers? 12
Nodemon 13
Nodemon 14
IDEs, Text Editors and Terminals 15
Open Source ● Ok, I can use it in an IDE, but... ● How could I deliver it? ○ Open Source! 16
Homograph libraries 17
pip pip install git+https://github.com/django/django.git@45dfb3641aa4d9828a7c 18
GitLab 19
GitLab 20
Github 21
Package managers 22
Uploading libraries 23
Package creation ➔ NodeJS ◆ package.json 24
Package creation ➔ Python ◆ setup.py 25
Package creation ➔ Python ◆ setup.py 26
Package creation ➔ Python ◆ setup.py 27
Uploading # NEVER USE THIS DEPENDENCY It's a security test A bad copy of {original_name} for testing homographic vulnerabilities. 28
Uploading ● We were testing uploading packages ● But then… 29
Fuzzer ➔ Homographic ➔ Homophonic ➔ Truncation ➔ Permutation ➔ Duplication ➔ Upper/Lower characters ➔ Similar characters ➔ “Advanced” ◆ Spaces ◆ LTR/RTL 30
Fuzzer ➔ change_similar(homográficos,h𝐨mográficos,changing o by b'xf0x9dx90xa8') ➔ homophonic(homofonicos,houmoufounicous,o sounds like ou) ➔ gen_deletions(truncar,tuncar,0, 1) ➔ gen_permutations(permutar,premutar,permuting char at 1) ➔ duplicates(duplicar,dupplicar,2) ➔ gen_case(caselogic,caseloGic,6) ➔ add_spaces(spaces,s<U+180E>paces,inserting space b'xe1xa0x8e' at position 1) ➔ rtl(ltr,<U+202D>rtl,inserting b'e280ad' at position 0) 31
Fuzzer 32 Ok... , so what’s next? :)
Uploading ➔ Let's upload everything ◆ UNICODE not allowed :( ◆ “Spaces not allowed” ◆ But… everything else: ● No limit, no control :) ◆ Remember academia 33
Dependencies selection ● Top 10 ○ PyPI ○ NPM ● Some we consider complicated to write ○ Who t.f. chose psycopg2-binaries? 34
Packages creation You have commited an error installing the dependency `{original_name}`, and have installed `{new_name}`. If `{new_name}` had mailicious code, you would have been pwned. This file has been generated by `{new_name}` for advertising you, and we have no made any change in your system. 35 Fix: you just need to delete the dependency `{new_name}` and install `{original_name}`. {new_name} is part of a research about attack in dependecies names. For more information about it contact javier@junquera.xyz
Telemetry ➔ User profile (Root | Not) ➔ Package manager (pypi | npm) ➔ Original name ➔ Modified name ➔ OS version ➔ Country, ~City (RGPD IP) ◆ It is difficult asking for consent :) 36
37 And once uploaded… Don’t worry…
38 00:00
39 01:00
40 02:00
41 03:00
42 04:00
43 05:00
44 06:00
45 07:00
46 08:00
47 09:00
48 10:00
49 11:00
50 12:00
51 13:00
52 14:00
53 15:00
54 16:00
55 17:00
56 18:00
57 19:00
58 20:00
59 21:00
60 22:00
61 23:00
62 > 800 hours
63 Goodbye ➔ (Delete | Try to delete) the uploaded packages ➔ Shutdown the API ➔ Then, we start to study the obtained data
Fuzzing results 64 node dependency Names generated bootstrap 1449 commander 1068 prop-types 1043 express 868 lodash 811 request 798 moment 758 chalk 595 react 580 async 548 debug 520 python dependency Names generated python-dateutil 1693 botocore 1416 s3transfer 1052 urllib3 1003 requests 950 certifi 947 psycopg2 862 pyyam1 769 pyasn1 600 pip 441 six 361
Infection results 65 Attack type Infections Ratio Truncation 361 43.07% Permutation 281 33.53% Duplication 115 13.72% Homophonic 68 8.11% Similar characters 11 1.31% Upper/Lower characters 2 0.23% Total attacks 838 100%
PyPI infection results 66 Changed name Original name Attack type Downloads pyscopg2 psycopg2 permutation 53 syx six homophonic 44 nump numpy truncation 27 psycopg-binary psycopg2-binary truncation 19 reqeusts requests permutation 18 psycog2 psycopg2 truncation 14 urllib3_ urllib3 spaces 12 pyscopg2-binary psycopg2-binary permutation 12 pycopg2 psycopg2 permutation 12 psycop2-binary psycopg2-binary truncation 11
npm infection results 67 Changed name Original name Attack type Downloads bootstarp bootstrap permutation 35 bootsrap bootstrap truncation 33 bootstap bootstrap truncation 17 expess express truncation 10 exress express truncation 9 wepback-cli webpack-cli homograph 9 bootstra bootstrap truncation 6 moemnt moment permutation 5 bootstrp bootstrap truncation 5 webpac-cli webpack-cli truncation 5
Root? 68
Root vs Non-root installations 69
WTFs ● npm don’t allow deletions ● We receive petitions from packages we didn’t upload successfully... ● Our account has “fans” ○ Systems/enterprises monitoring the repositories 70
WTFs 71 2020-03-05 19:41:17.953363,123.204.x.x,False,pypi,reques ts,requsets,3.8.2 (tags/v3.8.2:7b3ab59, Feb 25 2020, 22:45:29) [MSC v.1916 32 bit (Intel)],Taiwan,Taipei How many mirrors are there? What do they mirror? Who manages them?
Reactions ➔ After a looooooot of time we got banned ➔ 1(,5) Email(s) ➔ Internet questions ◆ Forum ◆ Stackoverflow 72
Reactions 73
Reactions 74
Reactions 75
Reactions ➔ ¡BAN! ◆ After 30 days 76
Report PyPI ➔ Rate-limiting? 77
Report npm 78
Internal Threat Hunting inside npm if dependencies_uploaded > 1000 { sleep(2592000) # 30 days ban() } 79
Demo time! 80
Demo time! 81 Hay video por si acaso... BANEADO
Code in GitLab DEC-DEV-DEP https://gitlab.com/ciberseg-uah/public/dec-dev-dep 82
Conclusions ➔ Repositories don’t care ➔ Developers don’t read ◆ And we are the first 83 sudo apt install <tab> <tab>
Recommendations ➔ Disable code execution (like RubyGems does) ➔ Mandatory with no sudo ◆ PyPI has developed measures ➔ Identify library with also developer name (like Docker Hub) ➔ Limit upload rate ➔ Limit users? 84
Agradecimientos 85 Cybersecurity Group UAH
That’s all folks! javier.junquera@uah.es @junquera /in/junquera carlos.cilleruelo@uah.es @carloslannister /in/carlos-cilleruelo/ 86

Recommended

Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...
Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...
Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...RootedCON
 
Laura Garcia - Shodan API and Coding Skills [rooted2019]
Laura Garcia - Shodan API and Coding Skills [rooted2019]Laura Garcia - Shodan API and Coding Skills [rooted2019]
Laura Garcia - Shodan API and Coding Skills [rooted2019]RootedCON
 
Bitcoin protocol for developerBitcoin Protocol for Developers
Bitcoin protocol for developerBitcoin Protocol for DevelopersBitcoin protocol for developerBitcoin Protocol for Developers
Bitcoin protocol for developerBitcoin Protocol for DevelopersParadigma Digital
 
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...RootedCON
 
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...RootedCON
 
Stackjacking
StackjackingStackjacking
StackjackingMichael Scovetta
 
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...PROIDEA
 
Software Heritage: let's build together the universal archive of our software...
Software Heritage: let's build together the universal archive of our software...Software Heritage: let's build together the universal archive of our software...
Software Heritage: let's build together the universal archive of our software...Codemotion
 

Recommended

Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...
Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...
Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...RootedCON
 
Laura Garcia - Shodan API and Coding Skills [rooted2019]
Laura Garcia - Shodan API and Coding Skills [rooted2019]Laura Garcia - Shodan API and Coding Skills [rooted2019]
Laura Garcia - Shodan API and Coding Skills [rooted2019]RootedCON
 
Bitcoin protocol for developerBitcoin Protocol for Developers
Bitcoin protocol for developerBitcoin Protocol for DevelopersBitcoin protocol for developerBitcoin Protocol for Developers
Bitcoin protocol for developerBitcoin Protocol for DevelopersParadigma Digital
 
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...RootedCON
 
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...RootedCON
 
Stackjacking
StackjackingStackjacking
StackjackingMichael Scovetta
 
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...PROIDEA
 
Software Heritage: let's build together the universal archive of our software...
Software Heritage: let's build together the universal archive of our software...Software Heritage: let's build together the universal archive of our software...
Software Heritage: let's build together the universal archive of our software...Codemotion
 
HES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHackito Ergo Sum
 
Windows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresWindows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresShakacon
 
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ..."Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...PROIDEA
 
PHP for Android: prototyping Android apps in php
PHP for Android: prototyping Android apps in phpPHP for Android: prototyping Android apps in php
PHP for Android: prototyping Android apps in phpCesare D'Amico
 
More developers on DevOps with Docker orchestration
More developers on DevOps with Docker orchestrationMore developers on DevOps with Docker orchestration
More developers on DevOps with Docker orchestrationGiulio De Donato
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your NetworkCTruncer
 
"A rootkits writer’s guide to defense" - Michal Purzynski
"A rootkits writer’s guide to defense" - Michal Purzynski"A rootkits writer’s guide to defense" - Michal Purzynski
"A rootkits writer’s guide to defense" - Michal PurzynskiPROIDEA
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackPriyanka Aash
 
Dario Durando - IoT: Battle of Bots [rooted2018]
Dario Durando - IoT: Battle of Bots [rooted2018]Dario Durando - IoT: Battle of Bots [rooted2018]
Dario Durando - IoT: Battle of Bots [rooted2018]RootedCON
 
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]RootedCON
 
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]RootedCON
 
8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 MatrixJorge Orchilles
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerJorge Orchilles
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing DevelopmentCTruncer
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesDmitry Vostokov
 
Vulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureVulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureSergey Gordeychik
 
Break up the Monolith: Testing Microservices
Break up the Monolith: Testing MicroservicesBreak up the Monolith: Testing Microservices
Break up the Monolith: Testing MicroservicesMarcus Merrell
 
Pentester++
Pentester++Pentester++
Pentester++CTruncer
 
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...sparkfabrik
 
How to be your Security Team's Best Friend
How to be your Security Team's Best FriendHow to be your Security Team's Best Friend
How to be your Security Team's Best FriendEmilyGladstoneCole
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays
 
Cocktail of Environments. How to Mix Test and Development Environments and St...
Cocktail of Environments. How to Mix Test and Development Environments and St...Cocktail of Environments. How to Mix Test and Development Environments and St...
Cocktail of Environments. How to Mix Test and Development Environments and St...Aleksandr Tarasov
 

More Related Content

What's hot

HES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHackito Ergo Sum
 
Windows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresWindows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresShakacon
 
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ..."Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...PROIDEA
 
PHP for Android: prototyping Android apps in php
PHP for Android: prototyping Android apps in phpPHP for Android: prototyping Android apps in php
PHP for Android: prototyping Android apps in phpCesare D'Amico
 
More developers on DevOps with Docker orchestration
More developers on DevOps with Docker orchestrationMore developers on DevOps with Docker orchestration
More developers on DevOps with Docker orchestrationGiulio De Donato
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your NetworkCTruncer
 
"A rootkits writer’s guide to defense" - Michal Purzynski
"A rootkits writer’s guide to defense" - Michal Purzynski"A rootkits writer’s guide to defense" - Michal Purzynski
"A rootkits writer’s guide to defense" - Michal PurzynskiPROIDEA
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackPriyanka Aash
 
Dario Durando - IoT: Battle of Bots [rooted2018]
Dario Durando - IoT: Battle of Bots [rooted2018]Dario Durando - IoT: Battle of Bots [rooted2018]
Dario Durando - IoT: Battle of Bots [rooted2018]RootedCON
 
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]RootedCON
 
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]RootedCON
 

What's hot (11)

HES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
 
Windows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresWindows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul Rascagneres
 
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ..."Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
 
PHP for Android: prototyping Android apps in php
PHP for Android: prototyping Android apps in phpPHP for Android: prototyping Android apps in php
PHP for Android: prototyping Android apps in php
 
More developers on DevOps with Docker orchestration
More developers on DevOps with Docker orchestrationMore developers on DevOps with Docker orchestration
More developers on DevOps with Docker orchestration
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your Network
 
"A rootkits writer’s guide to defense" - Michal Purzynski
"A rootkits writer’s guide to defense" - Michal Purzynski"A rootkits writer’s guide to defense" - Michal Purzynski
"A rootkits writer’s guide to defense" - Michal Purzynski
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac Attack
 
Dario Durando - IoT: Battle of Bots [rooted2018]
Dario Durando - IoT: Battle of Bots [rooted2018]Dario Durando - IoT: Battle of Bots [rooted2018]
Dario Durando - IoT: Battle of Bots [rooted2018]
 
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
Ángel Palomo Cisneros - Programming and playing a MITM attack [rooted2018]
 
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
 

Similar to Deceiving developers through malicious software libraries

8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 MatrixJorge Orchilles
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerJorge Orchilles
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing DevelopmentCTruncer
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesDmitry Vostokov
 
Vulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureVulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureSergey Gordeychik
 
Break up the Monolith: Testing Microservices
Break up the Monolith: Testing MicroservicesBreak up the Monolith: Testing Microservices
Break up the Monolith: Testing MicroservicesMarcus Merrell
 
Pentester++
Pentester++Pentester++
Pentester++CTruncer
 
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...sparkfabrik
 
How to be your Security Team's Best Friend
How to be your Security Team's Best FriendHow to be your Security Team's Best Friend
How to be your Security Team's Best FriendEmilyGladstoneCole
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays
 
Cocktail of Environments. How to Mix Test and Development Environments and St...
Cocktail of Environments. How to Mix Test and Development Environments and St...Cocktail of Environments. How to Mix Test and Development Environments and St...
Cocktail of Environments. How to Mix Test and Development Environments and St...Aleksandr Tarasov
 
Evolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootConEvolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootConJorge Orchilles
 
DevOpsDaysRiga 2018: Eric Skoglund, Lars Albertsson - Kubernetes as data plat...
DevOpsDaysRiga 2018: Eric Skoglund, Lars Albertsson - Kubernetes as data plat...DevOpsDaysRiga 2018: Eric Skoglund, Lars Albertsson - Kubernetes as data plat...
DevOpsDaysRiga 2018: Eric Skoglund, Lars Albertsson - Kubernetes as data plat...DevOpsDays Riga
 
Kubernetes as data platform
Kubernetes as data platformKubernetes as data platform
Kubernetes as data platformLars Albertsson
 
Cloud Intrusion Detection Reloaded - 2018
Cloud Intrusion Detection Reloaded - 2018Cloud Intrusion Detection Reloaded - 2018
Cloud Intrusion Detection Reloaded - 2018randomuserid
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure DevelopmentBosnia Agile
 
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...CODE BLUE
 
DEF CON 27- JISKA FABIAN - vacuum cleaning security
DEF CON 27- JISKA FABIAN - vacuum cleaning securityDEF CON 27- JISKA FABIAN - vacuum cleaning security
DEF CON 27- JISKA FABIAN - vacuum cleaning securityFelipe Prado
 
Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.
Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.
Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.hacktivity
 
Bodin - Hullin & Potencier - Magento Performance Profiling and Best Practices
Bodin - Hullin & Potencier - Magento Performance Profiling and Best PracticesBodin - Hullin & Potencier - Magento Performance Profiling and Best Practices
Bodin - Hullin & Potencier - Magento Performance Profiling and Best PracticesMeet Magento Italy
 

Similar to Deceiving developers through malicious software libraries (20)

8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing Development
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slides
 
Vulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureVulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructure
 
Break up the Monolith: Testing Microservices
Break up the Monolith: Testing MicroservicesBreak up the Monolith: Testing Microservices
Break up the Monolith: Testing Microservices
 
Pentester++
Pentester++Pentester++
Pentester++
 
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
 
How to be your Security Team's Best Friend
How to be your Security Team's Best FriendHow to be your Security Team's Best Friend
How to be your Security Team's Best Friend
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
 
Cocktail of Environments. How to Mix Test and Development Environments and St...
Cocktail of Environments. How to Mix Test and Development Environments and St...Cocktail of Environments. How to Mix Test and Development Environments and St...
Cocktail of Environments. How to Mix Test and Development Environments and St...
 
Evolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootConEvolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootCon
 
DevOpsDaysRiga 2018: Eric Skoglund, Lars Albertsson - Kubernetes as data plat...
DevOpsDaysRiga 2018: Eric Skoglund, Lars Albertsson - Kubernetes as data plat...DevOpsDaysRiga 2018: Eric Skoglund, Lars Albertsson - Kubernetes as data plat...
DevOpsDaysRiga 2018: Eric Skoglund, Lars Albertsson - Kubernetes as data plat...
 
Kubernetes as data platform
Kubernetes as data platformKubernetes as data platform
Kubernetes as data platform
 
Cloud Intrusion Detection Reloaded - 2018
Cloud Intrusion Detection Reloaded - 2018Cloud Intrusion Detection Reloaded - 2018
Cloud Intrusion Detection Reloaded - 2018
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure Development
 
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
 
DEF CON 27- JISKA FABIAN - vacuum cleaning security
DEF CON 27- JISKA FABIAN - vacuum cleaning securityDEF CON 27- JISKA FABIAN - vacuum cleaning security
DEF CON 27- JISKA FABIAN - vacuum cleaning security
 
Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.
Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.
Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.
 
Bodin - Hullin & Potencier - Magento Performance Profiling and Best Practices
Bodin - Hullin & Potencier - Magento Performance Profiling and Best PracticesBodin - Hullin & Potencier - Magento Performance Profiling and Best Practices
Bodin - Hullin & Potencier - Magento Performance Profiling and Best Practices
 

More from Javier Junquera

Don’t go breaking my heart: hacking medical devices (RootedCON 2023)
Don’t go breaking my heart: hacking medical devices (RootedCON 2023)Don’t go breaking my heart: hacking medical devices (RootedCON 2023)
Don’t go breaking my heart: hacking medical devices (RootedCON 2023)Javier Junquera
 
Al-Kindi convirtió tu dataset en mi keylogger (RootedCON Criptored 2023)
Al-Kindi convirtió tu dataset en mi keylogger (RootedCON Criptored 2023)Al-Kindi convirtió tu dataset en mi keylogger (RootedCON Criptored 2023)
Al-Kindi convirtió tu dataset en mi keylogger (RootedCON Criptored 2023)Javier Junquera
 
De PARCHE a Vysion: construyendo un ecosistema CTI sobre la Darknet (RootedC...
De PARCHE a Vysion: construyendo un ecosistema CTI sobre la Darknet (RootedC...De PARCHE a Vysion: construyendo un ecosistema CTI sobre la Darknet (RootedC...
De PARCHE a Vysion: construyendo un ecosistema CTI sobre la Darknet (RootedC...Javier Junquera
 
El caso Solorigate: la exposición de SolarWinds, de SUNBURST a Supernova
El caso Solorigate: la exposición de SolarWinds, de SUNBURST a SupernovaEl caso Solorigate: la exposición de SolarWinds, de SUNBURST a Supernova
El caso Solorigate: la exposición de SolarWinds, de SUNBURST a SupernovaJavier Junquera
 
Conferencia Internet Society: El FBI El reabre el debate sobre backdoors y ci...
Conferencia Internet Society: El FBI El reabre el debate sobre backdoors y ci...Conferencia Internet Society: El FBI El reabre el debate sobre backdoors y ci...
Conferencia Internet Society: El FBI El reabre el debate sobre backdoors y ci...Javier Junquera
 
Tecnologías avanzadas de descubrimiento y análisis de la Dark Net
Tecnologías avanzadas de descubrimiento y análisis de la Dark NetTecnologías avanzadas de descubrimiento y análisis de la Dark Net
Tecnologías avanzadas de descubrimiento y análisis de la Dark NetJavier Junquera
 

More from Javier Junquera (7)

Don’t go breaking my heart: hacking medical devices (RootedCON 2023)
Don’t go breaking my heart: hacking medical devices (RootedCON 2023)Don’t go breaking my heart: hacking medical devices (RootedCON 2023)
Don’t go breaking my heart: hacking medical devices (RootedCON 2023)
 
Al-Kindi convirtió tu dataset en mi keylogger (RootedCON Criptored 2023)
Al-Kindi convirtió tu dataset en mi keylogger (RootedCON Criptored 2023)Al-Kindi convirtió tu dataset en mi keylogger (RootedCON Criptored 2023)
Al-Kindi convirtió tu dataset en mi keylogger (RootedCON Criptored 2023)
 
De PARCHE a Vysion: construyendo un ecosistema CTI sobre la Darknet (RootedC...
De PARCHE a Vysion: construyendo un ecosistema CTI sobre la Darknet (RootedC...De PARCHE a Vysion: construyendo un ecosistema CTI sobre la Darknet (RootedC...
De PARCHE a Vysion: construyendo un ecosistema CTI sobre la Darknet (RootedC...
 
El caso Solorigate: la exposición de SolarWinds, de SUNBURST a Supernova
El caso Solorigate: la exposición de SolarWinds, de SUNBURST a SupernovaEl caso Solorigate: la exposición de SolarWinds, de SUNBURST a Supernova
El caso Solorigate: la exposición de SolarWinds, de SUNBURST a Supernova
 
Conferencia Internet Society: El FBI El reabre el debate sobre backdoors y ci...
Conferencia Internet Society: El FBI El reabre el debate sobre backdoors y ci...Conferencia Internet Society: El FBI El reabre el debate sobre backdoors y ci...
Conferencia Internet Society: El FBI El reabre el debate sobre backdoors y ci...
 
Password cracking
Password crackingPassword cracking
Password cracking
 
Tecnologías avanzadas de descubrimiento y análisis de la Dark Net
Tecnologías avanzadas de descubrimiento y análisis de la Dark NetTecnologías avanzadas de descubrimiento y análisis de la Dark Net
Tecnologías avanzadas de descubrimiento y análisis de la Dark Net
 

Recently uploaded

List of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfList of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfisabel213075
 
SOFTWARE ESTIMATION COCOMO AND FP CALCULATION
SOFTWARE ESTIMATION COCOMO AND FP CALCULATIONSOFTWARE ESTIMATION COCOMO AND FP CALCULATION
SOFTWARE ESTIMATION COCOMO AND FP CALCULATIONSneha Padhiar
 
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptx
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptxTriangulation survey (Basic Mine Surveying)_MI10412MI.pptx
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptxRomil Mishra
 
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithmComputer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithmDeepika Walanjkar
 
Input Output Management in Operating System
Input Output Management in Operating SystemInput Output Management in Operating System
Input Output Management in Operating SystemRashmi Bhat
 
Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxStephen Sitton
 
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTESCME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTESkarthi keyan
 
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.elesangwon
 
Novel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsNovel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsResearcher Researcher
 
CS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdfCS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdfBalamuruganV28
 
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Erbil Polytechnic University
 
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfModule-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfManish Kumar
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Coursebim.edu.pl
 
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACHTEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACHSneha Padhiar
 
『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书
『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书
『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书rnrncn29
 
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...Stork
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONjhunlian
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptxmohitesoham12
 
Theory of Machine Notes / Lecture Material .pdf
Theory of Machine Notes / Lecture Material .pdfTheory of Machine Notes / Lecture Material .pdf
Theory of Machine Notes / Lecture Material .pdfShreyas Pandit
 
11. Properties of Liquid Fuels in Energy Engineering.pdf
11. Properties of Liquid Fuels in Energy Engineering.pdf11. Properties of Liquid Fuels in Energy Engineering.pdf
11. Properties of Liquid Fuels in Energy Engineering.pdfHafizMudaserAhmad
 

Recently uploaded (20)

List of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfList of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdf
 
SOFTWARE ESTIMATION COCOMO AND FP CALCULATION
SOFTWARE ESTIMATION COCOMO AND FP CALCULATIONSOFTWARE ESTIMATION COCOMO AND FP CALCULATION
SOFTWARE ESTIMATION COCOMO AND FP CALCULATION
 
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptx
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptxTriangulation survey (Basic Mine Surveying)_MI10412MI.pptx
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptx
 
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithmComputer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithm
 
Input Output Management in Operating System
Input Output Management in Operating SystemInput Output Management in Operating System
Input Output Management in Operating System
 
Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptx
 
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTESCME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
 
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
 
Novel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsNovel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending Actuators
 
CS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdfCS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdf
 
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
 
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfModule-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Course
 
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACHTEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
 
『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书
『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书
『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书
 
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptx
 
Theory of Machine Notes / Lecture Material .pdf
Theory of Machine Notes / Lecture Material .pdfTheory of Machine Notes / Lecture Material .pdf
Theory of Machine Notes / Lecture Material .pdf
 
11. Properties of Liquid Fuels in Energy Engineering.pdf
11. Properties of Liquid Fuels in Energy Engineering.pdf11. Properties of Liquid Fuels in Energy Engineering.pdf
11. Properties of Liquid Fuels in Energy Engineering.pdf
 

Deceiving developers through malicious software libraries