Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Analysis of an Exploited NPM Package

JavaScript Conferences by GitNation via YouTube

Overview

Dive into a comprehensive analysis of the event-stream npm package exploit in this 25-minute conference talk from Amsterdam JSNation 2019. Explore how an attacker gained control of the package and leveraged it to target a specific mobile application. Uncover the three payloads of the attack, their purposes, obfuscation techniques, and ultimate goals. Learn about the importance of understanding such exploits for maintaining security in the npm ecosystem. Examine topics including semantic versioning, dependency management, payload discovery, decryption methods, and injection techniques. Gain valuable insights into the potential widespread nature of such attacks and the significance of staying vigilant in the face of evolving security threats in the JavaScript development landscape.

Syllabus

Who am I
What is Shape
Event Stream
Why
Semantic Versioning
Note
Dependencies
What did it do first
How was it discovered
The payload
Recap
All the packages
Decrypting
Injection
Final payload
The bad news

Taught by

JavaScript Conferences by GitNation

Reviews

Start your review of Analysis of an Exploited NPM Package

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.