NuGet, Dependency confusion and you
when: Sat, 13 Nov 2021 15:15:00 +1300
where: The Michael Fowler Centre
Dependency confusion seems to be in the headlines this year… well, if you are using NPM. But what about NuGet? In this talk I will demonstrate malicious NuGet packages, locating vulnerable projects, the mitigation and my experience getting cash money for these vulnerabilities.
I have used production as a test environment resulting in 120k overbilling for customers. I have used IRC to unknowingly divulge to a red team the awareness of the ongoing exercise. Naturally this qualifies me to work in infosec with people's data.