Just a very interesting article… regarding … Ever since I started learning how to code, I have been fascinated by the level of trust we put in a simple command…
Because I know a lot of you are installing Node.js dependencies from GitHub.
Hahah I read that as ‘Novell’ on first glance! Ahhh the days of NetWare, those were the days…
\shows age
Good article. Scan, hit the CVE archive… Find what you’re looking for. Metasploit module. Amazing how this can get you places you shouldn’t be. Amazing how many unpatched boxes there are out there. And amazed how many folk don’t understand the consequence of just deploying module after module with no clue on what they are actually opening themselves up to. Used to be common practice to fork popular GitHub repositories (couple of changes that no user really reads the details of), name them similarly, and watch them get deployed. Same thing with VPNs… Set up a VPN on a box out in Iceland (great for MITM) for a couple of weeks and watch that traffic roll in! Name it something like ‘BusinessVPN’ and it was not long before you witnessed banks and all other types of interesting domains/IPs connect (people at work trying to view porn or FB etc)… Naughty naughty but very interesting exercise.
Great read! Thanks for sharing.