I set up a quick demonstration to show the risks of curl|bash and how a bad actor could potentially hide a malicious script that appears safe.

It’s nothing new or groundbreaking, but I figure it never hurts to have another reminder.

  • ShortN0te@lemmy.ml · 3 hours ago

    After gaining initial access, the malicious cyber actor deployed malware that scanned the environment for sensitive credentials.

    So as I said, the keys got compromised. That's what I said in the second post.

    • xylogx@lemmy.world · 2 hours ago

      What you said is the key infra needs to get compromised. I do not need to own the PKI that issued the certs, I just need the private key of the signer. And again, this is something that happens. A lot. A software publisher gets owned, then their account is used to distribute malware.

      • ShortN0te@lemmy.ml · 2 hours ago

        To achieve a compromised update you either need to compromise the update infrastructure AND the key, or the infrastructure AND exploit the local updater to accept the invalid or forged signature.

        As I said, to compromise a signature-checked update over the internet you need to compromise both the distributing infrastructure AND the key. With just either one it's not possible. (Ignoring flaws in the code ofc)
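The defensive counterpart to both the curl|bash pattern in the top post and the "infrastructure AND key" point in the last reply is to never execute what the download pipe hands you: fetch to a file, compare it against a hash pinned from a second channel (release page, signed announcement), and run only on a match, so a swapped download alone is not enough. This is an added example, not the poster's demonstration; the URL, the pinned hash and the script contents are placeholders.

```shell
#!/bin/sh
# Added example: download-then-verify instead of `curl URL | sh`.
# The URL and EXPECTED_SHA256 values a caller passes are placeholders; the
# self-test below constructs its own script file and hash.

sha256_of() {
    # Print the hex SHA-256 of a file (coreutils sha256sum, or shasum on BSD/macOS).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_and_run FILE EXPECTED_SHA256
# Runs FILE with sh only if its digest equals the pinned one. On a mismatch the
# file is left on disk, unexecuted, so it can be inspected; returns 1.
verify_and_run() {
    file=$1; expected=$2
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: expected $expected, got $actual" >&2
        return 1
    fi
    sh "$file"
}

# fetch_verify_run URL EXPECTED_SHA256
# The replacement for `curl -fsSL URL | sh`: the script touches disk first and
# nothing executes until verify_and_run has compared it against the pinned hash.
fetch_verify_run() {
    url=$1; expected=$2
    tmp=$(mktemp) || return 2
    curl -fsSL "$url" -o "$tmp" || { rm -f "$tmp"; return 2; }
    verify_and_run "$tmp" "$expected"; rc=$?
    [ "$rc" -eq 0 ] && rm -f "$tmp"   # keep the file for inspection on mismatch
    return "$rc"
}
```

A pinned hash only helps if it came from somewhere other than the server that served the script; a signature check with a key obtained out of band gives the same "both must be compromised" property discussed above.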