Analysis of an Exploited NPM Package
Offered By: JavaScript Conferences by GitNation via YouTube
Course Description
Overview
Dive into a comprehensive analysis of the event-stream npm package exploit in this 25-minute conference talk from Amsterdam JSNation 2019. Explore how an attacker gained control of the package and leveraged it to target a specific mobile application. Uncover the three payloads of the attack, their purposes, obfuscation techniques, and ultimate goals. Learn about the importance of understanding such exploits for maintaining security in the npm ecosystem. Examine topics including semantic versioning, dependency management, payload discovery, decryption methods, and injection techniques. Gain valuable insights into the potential widespread nature of such attacks and the significance of staying vigilant in the face of evolving security threats in the JavaScript development landscape.
Syllabus
Who am I
What is Shape
Event Stream
Why
Semantic Versioning
Note
Dependencies
What did it do first
How was it discovered
The payload
Recap
All the packages
Decrypting
Injection
Final payload
The bad news
Taught by
JavaScript Conferences by GitNation
Related Courses
Front-End Web UI Frameworks and ToolsThe Hong Kong University of Science and Technology via Coursera Using Open Source Web Tooling to Improve Development Proficiency
Microsoft via edX Front-End Web UI Frameworks and Tools: Bootstrap 4
The Hong Kong University of Science and Technology via Coursera Diseñando páginas web con Bootstrap 4
Universidad Austral via Coursera React 101 - basics complete & latest. Forms, routing, async
Udemy