Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?

Download File
Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects? (PDF, 1.18MB)Published: 13 May, 2025
Created by
SANS Institute
SANS Institute

In February 2024, after building trust over two years with project maintainers by making a significant volume of legitimate contributions, GitHub user "JiaT75" self-merged a version of the XZ Utils project containing a highly sophisticated well-disguised backdoor targeting sshd processes running on systems with the backdoored package installed.

Meet the expert

SANS Institute
SANS Institute

SANS Institute

Launched in 1989 as a cooperative for information security thought leadership, it is SANS’ ongoing mission to empower cyber security professionals with the practical skills and knowledge they need to make our world a safer place.

Read more about SANS Institute

Additional resources

SANS 2025 CTI Survey Webcast & Forum: Navigating Uncertainty in Today’s Threat Landscape

WhitepaperDigital Forensics and Incident Response, Security Awareness, Cybersecurity and IT Essentials
  • 20 May 2025
  • Rebekah Brown, Andreas Sfakianakis

test

WhitepaperDigital Forensics and Incident Response, Security Awareness, Cyber Defense
  • 27 Mar 2025

Leveraging Large Language Models for Security-Focused Code Reviews

WhitepaperArtificial Intelligence
  • 26 Mar 2025

Empowering Responders with Automated Investigation

WhitepaperDigital Forensics and Incident Response, Security Awareness
  • 18 Feb 2025
  • Megan Roddie-Fonseca

Beyond Detection: Using Real Phishing Data to Gauge Security Training Program Success

WhitepaperDigital Forensics and Incident Response, Security Awareness
  • 7 Jan 2025

MITRE ATT&CK Labeling of Cyber Threat Intelligence via LLM

WhitepaperArtificial Intelligence
  • 7 Jan 2025

Related courses