T0195 - Spoofed Commits

By modifying the metadata in commits, attackers can easily push their own code to code repositories while disguising its origin. For example, by changing the name and email in a commit, it is possible to pass as a legitimate user.

ID: T0195
Type: Technique
Tactic: Defense Evasion
Summary: Spoofed Commits
State: draft

Mitigations

ID: M1731
Type: Mitigation
Summary: Implement verification of signed commits
Description: Signing commits, or requiring that commits be signed, gives other users confidence about the origin of a specific code change. It ensures that the author of the change is not hidden and is verified by the version control system, so the change comes from a trusted source. For each repository in use, enforce the branch protection rule that requires signed commits, and make sure only signed commits can be merged.
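For repositories where the check runs in a server-side hook or CI job instead of a hosted branch protection rule, the following added example (not part of the original entry) shows one way to reject a pushed range that contains unverified commits. The function name, the sample log lines and the choice to reject signatures from untrusted keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: signed-commit policy check for a pre-receive hook or CI job.
# Input on stdin: one commit per line, as produced by
#   git log --format='%H %G? %ae' <old>..<new>
# %G? is git's signature status: G good, U good but untrusted key, B bad,
# X/Y expired signature or key, R revoked key, E cannot check, N no signature.

audit_signatures() {
    # Prints one line per rejected commit; returns 1 if any commit was rejected.
    rejected=0
    while read -r hash status email || [ -n "$hash" ]; do
        [ -n "$hash" ] || continue              # skip blank lines
        case "$status" in
            G)   continue ;;                    # valid signature from a trusted key
            N)   reason="unsigned" ;;
            B)   reason="bad signature" ;;
            U)   reason="signed by untrusted key" ;;   # policy choice (assumption)
            X|Y) reason="expired signature or key" ;;
            R)   reason="revoked key" ;;
            *)   reason="signature could not be checked" ;;
        esac
        echo "REJECT $hash <$email>: $reason"
        rejected=1
    done
    return "$rejected"
}

# Constructed sample input. The second commit carries a legitimate user's
# email in its author field but no signature, which is the spoofed-commit case:
# the name and email alone prove nothing about who made the commit.
SAMPLE_LOG='1111111111111111111111111111111111111111 G alice@example.com
2222222222222222222222222222222222222222 N alice@example.com
3333333333333333333333333333333333333333 U bob@example.com'

printf '%s\n' "$SAMPLE_LOG" | audit_signatures \
    || echo "push rejected: range contains unverified commits"
```

The verdict depends on the keyring of the machine that runs `git log`, so the hook host must hold only the public keys of trusted contributors.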

References

  1. https://www.arnica.io/blog/demystifying-the-pl0x-github-attack