Analysis of an exploited npm package – Jarrod Overson

preview_player
Показать описание


# Analysis of an exploited npm package

The ownership of the npm package event-stream changed hands late 2018 and found its way into the hands of an attacker targeting a specific mobile application. How did an attacker go from an npm package to a mobile application? How was this exploit found? What purpose did each of the three payloads have?

This session will dive into the three payloads of the attack, how they worked, how they were obfuscated, and what their goal ultimately was.

There's no reason to assume this is an isolated event and understanding how this occurred and what it did is an important part of staying secure going forward.
  1. JavaScript Conferences by GitNation
  2. jsnation
  3. amsterdamjs
  4. amsterdam
  5. js talk
  6. nodejs
Рекомендации по теме
Analysis of an 0:24:50

Analysis of an exploited npm package – Jarrod Overson

CackalackyCon1 - Jarrod 0:25:27

CackalackyCon1 - Jarrod Overson - Analysis of an exploited npm package

Jarrod Overson 0:25:27

Jarrod Overson Analysis of an exploited npm package

JavaScript Security Vulnerabilities 0:25:05

JavaScript Security Vulnerabilities Tutorial – With Code Examples

npm audit and 0:01:59

npm audit and the shortcomings of security-focused static analysis tools

event-stream: Analysis of 0:24:16

event-stream: Analysis of a Compromised npm package

Was NPM hacked 0:07:15

Was NPM hacked for 2 hours?

Jarrod Overson - 0:42:42

Jarrod Overson - How did 8 million developers download an exploit with no one noticing?

Malicious NPM package 0:39:37

Malicious NPM package and how to defend [with Q&A]

Friday Hacks #178 0:28:25

Friday Hacks #178 - How I discovered 19 NPM malicious packages - NUS Hackers

When The Motherboard 0:11:52

When The Motherboard Comes With a Virus

Keeping JavaScript Safe: 0:23:29

Keeping JavaScript Safe: Security & the npm Registry

NodeConf EU | 0:27:27

NodeConf EU | Stranger Danger: Fixing vulnerabilities in npm package - Guy Podjamy

Nesting 'If Statements' 0:01:00

Nesting 'If Statements' Is Bad. Do This Instead.

NEVER buy from 0:00:46

NEVER buy from the Dark Web.. #shorts

Overview of SEC661: 0:54:54

Overview of SEC661: ARM Exploit Development and an Introduction to Router Emulation

JavaScript NPM Registry: 0:01:13

JavaScript NPM Registry: Manifest Confusion Vulnerability. June 29, 2023 story by Edwin Kwan

How One Line 0:13:47

How One Line of Code Almost Blew Up the Internet

GitHub finds 7 0:07:02

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

What are Weak 0:19:49

What are Weak Links in the npm Supply Chain?

Popular NPM package 0:12:58

Popular NPM package spreads Malware on Purpose | The node-ipc Scandal

Guy Podgarny - 0:47:42

Guy Podgarny - Stranger Danger: Npm & Node Security

10 security vulnerabilities 0:04:06

10 security vulnerabilities every JavaScript developer should know

NPM Install: Disaster 0:11:24

NPM Install: Disaster Waiting to Happen - Reactivate London - October 2018

Комментарии
Автор

That should be converted into a movie. " Hackers 2 - Revenge of NPM"

KemalPiro
Автор

Lol this video is helpful in solving one of HackTheBox's challenges!

DHIRAL