Hijacking Debian Packages: Talk at ECPI College
Security Research
Presented a hands-on security workshop on Debian package abuse, combining Linux package internals, attack demonstration, and guided lab exercises in AWS.
Core Skills
Supply Chain Security
Debian
Linux
AWS
Security Research
Conference Speaking
Year
2023
Format
Security workshop
Focus
Supply Chain Security, Debian Packages
This workshop focused on the security implications of the Debian package ecosystem and how package installation mechanisms can be abused during offensive security testing. I walked attendees through Linux package fundamentals, the internal structure of Debian packages, and a hands-on demonstration of how those packages can be hijacked.
To make the material practical, I paired the presentation with lab infrastructure in AWS so attendees could experiment in a controlled environment rather than just watch slides.
Hands-On Resources
The lab environment let attendees apply what they had learned immediately by interacting with Debian packages, working from AWS-hosted instances, and using purpose-built support materials. Resources for the exercise are available below:
- Metasploit Modules: Download from GitLab
- Live Lab: Download from GitLab
.