BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsideslv24//talk//M9ZBHT
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsideslv24-M9ZBHT@pretalx.com
DTSTART;TZID=PST:20240806T150000
DTEND;TZID=PST:20240806T190000
DESCRIPTION:Total attacks on the software supply chain have increased by mo
 re than 730% year on year since 2019.  One way for organizations to combat
  this growing threat is to empower their red-teams to test the software su
 pply chains for that organization.  But many red teams are ill-prepared to
  tackle this new attack surface.  This workshop will help existing red tea
 ms and offensive security teams learn how to expand their scope to include
  the software supply chain (SSC).  We will give them a structured way to i
 dentify SSC components\, threat model an example SSC and finally conduct r
 ed team operations on an example SSC.\n\nI will draw on my experience at G
 itLab and SecureStack around red teaming and explain some of the tools and
  processes I've developed.\n\nThis workshop will have three parts:\n\n1. I
  will describe how to quickly identify the components in a software supply
  chain\n2. I will describe my TVPO methodology (target\, value\, patterns\
 , and objectives) which is an applied threat modeling and assessment frame
 work for software supply chains.\n3. Finally\, I will describe one of my r
 ed team operations on an open source project and the tools that I use (or 
 have written)
DTSTAMP:20260317T003705Z
LOCATION:Diamond
SUMMARY:Red Teaming the Software Supply Chain - Paul McCarty
URL:https://pretalx.com/bsideslv24/talk/M9ZBHT/
END:VEVENT
END:VCALENDAR