¶ 2024-04-05 - XZ Backdoor
¶ Overview
Date: 2024-04-05
Time: 6pm-8pm
Location: GH224
Host: Zack Sargent
¶ Announcements
Announcements
Discord Messages:
hey CST!! I'm thinking about activities for this Friday.
There were two ideas on my mind:
1. Let's learn more about pwntools! We'll look for from CTFs, and see how pwntools can help us out, such as with [the format strings](<https://docs.pwntools.com/en/stable/fmtstr.html>) we learned about last week.
2. I'll set up a VM running [the xz backdoor](<https://github.com/amlweems/xzbot>), and we can try to learn about this new attack.
- I'm still learning about this vulnerability, but it's made a big splash, so it might be fun to get some hands-on experience?
- [more info, for reference](<https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/>)
- note we'd still use pwntools, [just indirectly](<https://github.com/amlweems/xzbot/blob/0cabe4c987fccbf3dbeb261efa59f05033ba14ac/patch.py#L21-L46>).
thoughts?
Hey @CST! Last Friday, a massive vulnerability was discovered in which an attacker tried to stick a root-level remote code execution backdoor into many Linux distributions.
This Friday at 6pm, we're going to be getting hands-on, and trying to understand how it works!
Feel free to swing by if you want a deeper understanding into this massive attack!
No experience is required. It's FREE!! :sparkles:
¶ Meeting Notes
For this meeting, we put together 
an activity on the XZ Hack , utilizing free, open-source resources.
Thank you to Patrick for staying with me until 1am learning about the XZ backdoor. 
¶ Reflection
Overall, this event was very well recieved.
Here are the key things I think we did right:
- Respond to current events. The XZ backdoor is a popular topic at the moment, so the process of breaking down the news into an accessible lesson was valuable for our club members.
- Utilize open source resources. This wouldn't have been possible without the open source projects released by Anthony Weems and Davide Guerri.
- Leave activities open-ended. Given the structure of a core lesson with open-ended activities to do on one's own, we were able to support a variety of skill levels and interests. Once people finished the core lesson, they were free to work on whatever interested them, such as the suggested activities or just obscure linux configuration.
Here are some things we could improve on:
- Advertisment. Given the weekly cadence of meetings, I wasn't sure if this was going to work out until the night before. Knowing the content ahead-of-time would help us communicate that to our members.
- VM distribution. It was great to be able to use Docker containers to easily work with the correct versions of software. However, it would be nicer if we could spool up VMs on our server, or easily distribute them to all of the PCs.
¶ Attendance
15 members attended (13 NKU; 2 CCHS) (Link to CampusGroups)