Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)
Jun 6, 2024
Expert 0xLupin discusses supply chain attacks, ethical considerations for maintainers, and new tool Depi. Topics include types of attacks, vulnerabilities in CI builds, challenges in managing software dependencies, detecting supply chain attacks, domain squatting, securing bug bounty programs, significance of lock files, bug hunting emotions, analyzing attack scenarios, and risks of NPM and Yarn supply chain attacks.
Chapters
Intro
00:00 • 2min
Exploring Supply Chain Attacks and Dependency Confusion
02:20 • 7min
Software Supply Chain Security in Tech Companies
09:21 • 12min
Challenges in Managing Software Dependencies and Security Vulnerabilities
21:46 • 7min
Detecting and Mitigating Supply Chain Attacks
28:51 • 18min
Discussion on Domain Squatting and Weak Links in Sub-collection
46:34 • 2min
Securing Supply Chains and Bug Bounty Programs
48:17 • 19min
Significance of Lock Files and Supply Chain Security Vulnerabilities
01:06:49 • 8min
Exploring Bug Hunting Emotions and Implications of Software Supply Chain Vulnerabilities
01:14:20 • 2min
Analyzing Supply Chain Attack Scenarios and Vulnerabilities
01:16:17 • 20min
Exploring Supply Chain Vulnerabilities and Bug Bounty Perspectives
01:36:12 • 2min