Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Repo Jacking - How Github Usernames Expose Projects to RCE

NorthSec via YouTube

Overview

Explore a critical security vulnerability affecting over 70,000 open-source projects in this 25-minute conference talk from NorthSec 2021. Dive into 'repo jacking', an obscure supply chain vulnerability that allows attackers to hijack Github repositories and achieve remote code execution through dependency injection. Learn about the vulnerability's causes, exploitation methods, and why it has gone unnoticed for so long. Discover how to scan open-source projects for this vulnerability, build dependency graphs, and understand its full impact. Examine the prevalence of repo jacking across various project types, from small personal games to large web frameworks and cryptocurrency wallets. Gain insights into mitigation strategies to protect your projects from this and other supply chain attacks.

Syllabus

Intro
Open-source Supply Chain Attacks
Repo Jacking
Vulnerable Scenarios
Repository Redirects
GitHub's Response
Mass Analysis
Data Collection
Clean Up
Hijackable Usernames
Dependency Analysis
4. Directly Vulnerable Projects
Key Findings
Remediations

Taught by

NorthSec

Reviews

Start your review of Repo Jacking - How Github Usernames Expose Projects to RCE

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.