NuGet, Dependency confusion and you
Dependency confusion seems to be in the headlines this year… well, if you are using NPM. But what about NuGet? In this talk I will demonstrate malicious NuGet packages, locating vulnerable projects, the mitigation, and my experience getting cash money for these vulnerabilities.
NF
I have used production as a test environment, resulting in 120k overbilling for customers. I have used IRC to unknowingly divulge to a red team the awareness of the ongoing exercise. Naturally this qualifies me to work in infosec with people's data.