Unearthing Malicious and Risky OpenSource Packages Using Packj

nullcon via YouTube

Classroom Contents

  1. Intro
  2. Open-source software is everywhere
  3. Package Managers
  4. Package Installation today - dependency hell
  5. Software Supply Chain Attack
  6. Attack Techniques: Typosquatting
  7. Technique: Social Engineering
  8. Technique: Dependency Confusion
  9. Technique: Account Hijacking
  10. How do we defend against these attacks?
  11. Manual Vetting is infeasible
  12. Vanity Stats are not enough
  13. Packj: a dev-friendly vetting tool
  14. Deep Metadata Analysis
  15. Rigorous API Analysis
  16. Runtime Analysis
  17. Remote Code Execution Attack
  18. Dependency Confusion Attack - Feb 2021
  19. Colors and Faker Attack - Jan 2022
