Meghdoot — Multi-Region Binary Monitoring

Multi-region monitoring of Adobe-shipped binaries to detect MITM attacks and unauthorized binary substitution.

Java, Oracle, SQS, SNS, AWS, Python

Category

Enterprise

Year

2017

Status

Shipped

The Problem

If a hacker intercepts Adobe’s software distribution and swaps a legitimate binary for a malicious one — a classic MITM attack — Adobe and its customers would have no way to know. The attack surface is every download, everywhere.

What I Built

Meghdoot — a multi-region monitoring system that continuously fetches Adobe-shipped binaries from distribution endpoints across regions, verifies them against known-good signatures, and raises alerts when a mismatch is detected.

Technical Challenges

  • Multi-region fetch coordination without false positives from legitimate CDN propagation delays
  • Binary comparison at scale — efficient hash verification across large artifact sets
  • Alert fatigue reduction — distinguishing real attacks from infrastructure noise
  • Audit trail of every verification across regions and time
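
One way the fetch, hash-check and audit steps above fit together, added here as an illustration and not Meghdoot's own code: each region's download is hashed and compared against the known-good digest, and the previous release's digest is tolerated only inside a propagation window. SHA-256, the one-hour window, the region names, the artifact name and all function names are assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

GRACE_SECONDS = 3600  # assumed CDN propagation window, tune per CDN


@dataclass(frozen=True)
class Release:
    name: str
    sha256: str                            # known-good digest of current build
    published_at: int                      # epoch seconds of publication
    previous_sha256: Optional[str] = None  # known-good digest it replaced


def classify(release, observed, fetched_at):
    """Return 'ok', 'propagating' or 'alert' for one regional fetch."""
    if observed == release.sha256:
        return "ok"
    in_grace = 0 <= fetched_at - release.published_at <= GRACE_SECONDS
    # The old build is tolerated only while the CDN may still be catching up;
    # after that it is treated as a substitution (possible rollback).
    if observed == release.previous_sha256 and in_grace:
        return "propagating"
    return "alert"


def verify_regions(release, fetched, fetched_at):
    """fetched maps region -> bytes downloaded there. Returns (audit, alerts)."""
    audit = []
    for region, blob in sorted(fetched.items()):
        digest = hashlib.sha256(blob).hexdigest()
        audit.append({"artifact": release.name, "region": region,
                      "sha256": digest, "at": fetched_at,
                      "verdict": classify(release, digest, fetched_at)})
    alerts = [rec for rec in audit if rec["verdict"] == "alert"]
    return audit, alerts


# Constructed sample data: byte strings stand in for real installers.
OLD, NEW, TAMPERED = b"build-1.0", b"build-1.1", b"build-1.1+implant"
RELEASE = Release("example-installer.bin", hashlib.sha256(NEW).hexdigest(),
                  published_at=1_000_000,
                  previous_sha256=hashlib.sha256(OLD).hexdigest())
SAMPLE = {"us-east": NEW, "eu-west": OLD, "ap-south": TAMPERED}

if __name__ == "__main__":
    for when in (1_000_600, 1_010_000):  # inside, then outside the window
        audit, alerts = verify_regions(RELEASE, SAMPLE, when)
        print(when, [(r["region"], r["verdict"]) for r in audit])
```

Every fetch produces an audit record whether or not it alerts, so the same structure serves both the alerting path and the per-region history.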

Results & Impact

  • Presented at Adobe Tech Summit, San Francisco 2017
  • Active monitoring across Adobe’s global distribution infrastructure
  • Detection capability for MITM attacks on shipped software
