Open Source Malware 101 - Everything you always wanted to know about npm malware (and more)

DEF CON Workshops

Event description

Level of Instruction: Intermediate

Instructed by: Paul "6mile" McCarty

Abstract:

Software supply chain attacks are out of control. Between 2019 and 2023, software supply chain attacks grew by an average of more than 740% per year. Things have only gotten worse since then, with incidents such as Bybit, Ultralytics, LottieFiles, Polyfill.io and, of course, XZ Utils all occurring in the last 18 months. But how are these supply chain attacks delivered? Often, the attack starts with a malicious npm package.

According to Sonatype, 98.5% of known malicious software packages live in the npm registry. There are several reasons why npm is particularly well suited to delivering malware, and that is why this four-hour workshop focuses on npm alone.

This hands-on workshop teaches both software engineers and infosec practitioners how npm malware works. We will look at what makes npm malware different from malware in other package ecosystems, and at how the author has applied his knowledge of npm malware in his research and in delivering unconventional offensive security engagements. Most importantly, you will learn how to identify, analyze, create and defend against malicious npm packages.

The trainer for this workshop, Paul McCarty, is writing a book on the subject, "Hacking npm", so he will share many in-depth, never-before-seen npm techniques.

This event has passed