Completed
Intro
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Unearthing Malicious and Risky OpenSource Packages Using Packj
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Open-source software is everywhere
- 3 Package Managers
- 4 Package Installation today - dependency hell
- 5 Software Supply Chain Attack
- 6 Attack Techniques: Typosquatting
- 7 Technique: Social Engineering
- 8 Technique: Dependency Confusion
- 9 Technique: Account Hijacking
- 10 How do we defend against these attacks?
- 11 Manual Vetting is infeasible
- 12 Vanity Stats are not enough
- 13 Packj: a dev-friendly vetting tool
- 14 Deep Metadata Analysis
- 15 Rigorous API Analysis
- 16 Runtime Analysis
- 17 Remote Code Execution Attack
- 18 Dependency Confusion Attack - Feb 2021
- 19 Colors and Faker Attack - Jan 2022