Hassan Khan

Highly experienced Security Researcher with a proven track record of internet-wide scanning and Penetration Testing. A sought-after speaker, Hassan recently presented at the BlackHatMEA 2022 conference. His expertise extends to Ruby security, where he has conducted extensive research over the past few years. As a certified OSCP (Offensive Security Certified Professional), Hassan has also made a name for himself as a successful bug bounty hunter on both HackerOne and Bugcrowd.
Hassan's achievements have earned him recognition in the industry, including inclusion in the Google Security Hall of Fame (2017), Twitter Security Hall of Fame (2017), and Microsoft Security Hall of Fame (2017). He has also conducted extensive research into WordPress security and won the HackFest CTF competition.
In addition to his research, Hassan is also the developer of GemScanner.py and an npm scanner for account hijacking, further demonstrating his commitment to the security field and his skills as a developer.

Talk / Workshop

Supply Chain Attacks: Focused on NPM attacks.

Supply chain attacks, or attacks on open-source software, are spreading faster than any other class of attack. Examples include dependency confusion, Log4j, NPM package attacks, Ruby gem attacks, and many more.

This talk focuses on the what, why, and how of supply chain attacks: their impact as the weakest link in the chain, and how to prevent them.

It also covers extensive internet-wide scanning of NPM packages to find ones prone to account takeover, together with impact identification and defense.
