Nuget, Dependency confusion and you

Presented at Kawaiicon 2 (2022) Rescheduled, July 2, 2022, 3:15 p.m. (15 minutes)

Dependency confusion seems to be in the headlines this year…well if you are using NPM. But what about Nuget? In this talk I will demonstrate malicious Nuget packages, locating vulnerable projects, the mitigation and my experience getting cash money for these vulnerabilities.

Presenters:

• NF
  I have used production as a test environment resulting in 120k overbilling for customers. I have used IRC to unknowingly divulge to a red team the awareness of the on going exercise. Naturally this qualifies to work in infosec with people's data..

Links:

• https://kawaiicon.org/talks/dependencies/

Similar Presentations:

• Black Hat USA 2022 / CastGuard: Mitigating Type Confusion in C++
• Global AppSec - DC 2019 / Dependency Check