
Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)

Critical Thinking - Bug Bounty Podcast

CHAPTER

Analyzing Supply Chain Attack Scenarios and Vulnerabilities

This chapter walks through what a supply chain attack on a widely used package such as Express could do if it landed on a deployment day, then covers incidents involving DNS issues and IDOR vulnerabilities and the hosts' experiences with GitHub and npm. It also discusses the impact of attacks on caching servers, the main classes of supply chain attack, bug bounty hunting techniques, and exploiting vulnerabilities on companies' internal domains. The conversation praises Grafana's security team, highlights a bug in the npm registry, and discusses an attack on the GitLab source code through a dependency confusion (package confusion) exploit, where a dependency name that exists only on a private registry is claimed on the public one so that the build resolves the attacker's package instead.

