
Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)
Critical Thinking - Bug Bounty Podcast
Exploration of Ethical Security Research and Hosting Backdoors on Public Registries
Ethical security research faces challenges because regulations vary worldwide: the US is more liberal in allowing such research but lacks clear definitions. Despite this ambiguity, individuals have pushed boundaries without facing consequences. Maintaining ethical practices is crucial for companies engaging in security research. A novel technique was developed to host a backdoor on public registries by creating a parallel registry with benign packages. By detecting scanners and swapping packages on the fly, the parallel registry could serve malicious versions to unauthorized users for exfiltration purposes.