Attack vector
Attackers use many vectors to illegally exploit vulnerabilities in their targets.
-
Understanding and Preventing Manifest Confusion
A primer on the manifest confusion vulnerability in npm
Published by Garnet Research (@research) · Reading time: 5 min
-
Spam-pm: Investigating the Spam Invasion of npm
A deep dive into the escalating spam problem on npm, exploring the registry's unwanted guests.
Published by Garnet Research (@research) · Reading time: 7 min
-
From Confusion to Compromise: Dependency Confusion Attacks
A primer on dependency confusion attacks
Published by Garnet Research (@research) · Reading time: 4 min
-
Beyond Known CVEs: Understanding Supply Chain Attacks
A post explaining key differences between two cybersecurity threats: known vulnerabilities and supply chain attacks.
Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us) · Reading time: 4 min
-
Debunking Security for Developers (Part 1)
A primer for developers on commonly used buzzwords in security.
Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us) · Reading time: 9 min
-
All your domains are belong to us
Let's discuss one of the most underrated but effective attack vectors: using expiring domains to take over npm packages.
Published by Garnet Research (@research) · Reading time: 9 min