Today’s Bug Bounty Report Explained covers dependency confusion, a new bug bounty hacking technique that earned the researcher at least $130,000 in bounties, and probably even more. Lucky for you, the researcher didn’t find all of them, so there’s still plenty left to be discovered.


Reporter’s Twitter:

Follow me on Twitter:

00:00 Intro
00:32 Known attacks on dependencies
02:03 The new attack on dependencies
04:22 Impact
05:02 Data exfiltration
06:29 Getting names of private packages
08:00 Results

