Today’s Bug Bounty Report Explained covers dependency confusion, a new bug bounty hacking technique that earned the researcher at least $130,000 in bounties, and probably more. Lucky for you, the researcher didn’t find all of the vulnerable targets, so there’s still plenty to be discovered.

Blogpost:
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

Reporter’s twitter:
https://twitter.com/alxbrsn

Follow me on twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:32 Known attacks on dependencies
02:03 The new attack on dependencies
04:22 Impact
05:02 Data exfiltration
06:29 Getting names of private packages
08:00 Results

#DependencyConfusion
