Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NetBT (NetBIOS over TCP/IP) is a network protocol used to integrate NetBIOS services into the TCP/IP protocol suite. NetBT settings are specific to each interface and include the NetbiosOptions setting and the NameServerList. These settings can be configured individually for each interface using the answer file. NetBT is essential for integrating legacy systems, enabling older applications and devices that rely on NetBIOS to communicate seamlessly with modern TCP/IP networks.

LLMNR (Link-Local Multicast Name Resolution) is a protocol used by legacy operating systems for name resolution without a DNS server, compatible with both IPv4 and IPv6. It is included in Windows Vista, Windows Server 2008, Windows 7, 8, and 10, and some Linux distributions. Introduced by Microsoft to enhance network resource resolution, LLMNR allows devices to multicast name queries on a local network if the DNS server fails to resolve a name.

Open source software (OSS) is software for which the original authors have granted express copyright and usage permissions to allow all users to access, view, and modify the source code of these programs however they see fit and without the need to pay royalties. This is in contrast to proprietary, closed source software, which typically requires a paid license and cannot be added to, modified, or distributed by anyone except the owner of the rights to the software.

In this post, we explore a powerful, yet widely unknown attack vector which has emerged in the last couple of years known as ‘Repo Jacking’. During our research, we discovered the enormous potential to compromise software components with tens of millions of downloads across the Terraform IaC (Infrastructure as Code) and Composer (PHP package registry) ecosystems. Despite its power, Repo Jacking remains under-researched and frequently misunderstood.