🧪 Experimental Feature

Focus Areas are an experimental feature that groups related content by tags. This page and its functionality may change as we refine the categorization system.

📦 Software Supply Chain Security

Security of software supply chains, including dependency management, SBOM, SCA, and third-party risk management

Contributors

Talks

Tool Demos

Panels

All Entries (59 total, sorted by date)

Date	Type	Conference	Title	Speaker(s)	Tags
2026-03-01	Talk	Nullcon	When Your Package Manager Became a Weapon: Anatomy of the First Self-Replicating Supply Chain Worm	Sudhanshu Dasgupta, Sahil Bansal	#supply-chain-security #malicious-packages #package-security+1
2026-02-28	Panel	Nullcon	Supply Chain Chaos: Strengthening the Digital Ecosystem Beyond the Enterprise	Mihirr P Thaker, Sumeet Khokhani, Ajit Hatti, Anant Shrivastava	#supply-chain-security #third-party-risk #supply-chain-attack
2025-12-11	Tool demo	Blackhat	DepConfuse: Shielding Your Packages from Dependency Confusion Attacks	Akhil Mahendra, Harsh Varagiya, Sourav Kumar, Akshansh Jaiswal	#supply-chain #dependency-management #package-security+2
2025-12-11	Tool demo	Blackhat	SupplyShield: Protecting Your Software Supply Chain	Rahul Sunder, Yadhu Krishna M, Hritik Vijay, Sourav Kumar	#supply-chain #sbom #software-composition-analysis+3
2025-12-10	Tool demo	Blackhat	SBOM Play	Anant Shrivastava	#sbom #supply-chain #vulnerability-assessment+1
2025-12-10	Tool demo	Blackhat	Catch the Flow: Securing CI/CD Workflows with Flowlyt	Hare Krishna Rai, K v Prashant, Nandan Gupta	#ci-cd #supply-chain #devsecops+1
2025-12-10	Tool demo	Blackhat	Securing Secrets from Dev Machine to Deployments Using SLV	Shibly Meeran, Sriram Krishnan, Keshav Kandasamy	#devsecops #cicd-security #supply-chain
2025-10-10	Talk	C0c0n	Ghosts in Your GitHub Actions and AI’s Hunt for Hidden Exploits	Suchith Narayan	#supply-chain #supply-chain-attack #devsecops+1
2025-08-07	Tool demo	Blackhat	Kubernetes Security Scanner	Krishna Priya	#kubernetes #cloud-workload-protection #container-security+4
2025-08-06	Talk	Blackhat	When ‘Changed Files’ Changed Everything: Uncovering and Responding to the tj-actions Supply Chain Breach	Varun Sharma, Ashish Kurmi	#ci-cd #incident-management #devsecops+2
2025-04-30	Talk	Rsac	Got Supply Pain? A Real-World Approach to Supply Chain SDL	Mohit Arora, Richard Tonry	#secure-development #devsecops #risk-management+4
2025-04-03	Tool demo	Blackhat	SupplyShield: Protecting your software supply chain	Yadhu Krishna M, Akhil Mahendra, Hritik Vijay	#supply-chain #sbom #sca+2
2025-04-03	Talk	Blackhat	Determining Exploitability of Vulnerabilities with SBOM and VEX	Anusha Penumacha, Srinija Kammari	#sbom #supply-chain #sca+1
2025-04-03	Tool demo	Blackhat	SCAGoat - Exploiting Damn Vulnerable and Compromised SCA Application	Hare Krishna Rai, Gaurav Joshi, K v Prashant	#supply-chain #supply-chain-attack #sca+1
2025-03-02	Talk	Nullcon	Securing the chains: Building defensive layers for software supply chains	Yadhu Krishna M, Akhil Mahendra, Hritik Vijay	#blueteam #container-security #sbom+3
2025-03-02	Panel	Nullcon	Enterprise Readiness for Supply Chain Attacks	Sanjay Bahl, Cassie Crossley	#supply-chain-security #supply-chain-attack #third-party-risk-management+4
2025-03-02	Panel	Nullcon	Modernizing Security Architecture: Platforms or Best-of-Breed, What Works Best?	Ketan Vyas, Prajal Kulkarni, Satyavathi Divadari, Srihari Kotni	#security-strategy #threat-modeling #zero-trust+3
2025-03-02	Talk	Nullcon	Satellite Communications: Analyzing and Protecting Space-Based Assets	Drishti Jain	#network-pentesting #ics-security #encryption+4
2024-12-11	Tool demo	Blackhat	SCAGoat - Exploiting Damn Vulnerable SCA Application	Hare Krishna Rai, Gaurav Joshi, K v Prashant	#supply-chain #sca #software-composition-analysis
2024-11-16	Talk	C0c0n	We got the Shiny SBoM; what next?	Anant Shrivastava	#sbom #supply-chain #supply-chain-security
2024-11-16	Talk	C0c0n	Access for Sale: Inside the World of Ransomware Affiliates and Initial Access Brokers	Nihar Sawant, Jaydev Joshi	#ransomware #phishing #supply-chain-security
2024-11-15	Talk	C0c0n	[Yodha] SCAGoat - Software Composition Analysis (SCA) Vulnerability Exploration Tool	Gaurav Joshi, Hare Krishna Rai	#supply-chain #sca #software-composition-analysis
2024-10-02	Talk	Virusbulletin	From code to crime: exploring threats in GitHub Codespaces	Nitesh Surana, Jaromir Horejsi	#cloud-pentesting #supply-chain-security #exploitation
2024-08-07	Tool demo	Blackhat	TrafficWardenX: OpenWRT Security & Monitoring	Sampad Adhikary, Tripti Sharma	#openwrt #network-monitoring #security-tools+3
2024-04-19	Tool demo	Blackhat	vet: Policy Driven vetting of Open Source Software Components	Abhisek Datta	#supply-chain-security #open-source-security #dependency-management+1
2023-12-06	Tool demo	Blackhat	SupplyShield: Protecting your software supply chain	Akhil Mahendra, Hritik Vijay	#aws #supply-chain #sbom+2
2023-09-28	Talk	Hackinparis	How to have visibility and security OF CICD ecosystem	Pramod Rana	#cicd-security #devsecops #architecture+4
2023-08-10	Talk	Defcon	Attacking Vehicle Fleet Management Systems	Yashin Mehaboobe	#automotive-cybersecurity #ics-security #embedded-systems+4
2023-08-09	Tool demo	Blackhat	CASPR - Code Trust Auditing Framework	Ajit Hatti	#secure-coding #code-review #secure-development+1
2023-08-07	Panel	C0c0n	CII Protection: How can the c0c0n community contribute ?	Navin Kumar Singh	#security-strategy #open-source-security #threat-modeling
2023-08-06	Talk	C0c0n	Taking a Closer Look at CI/CD Pipeline Logs: Extracting Security-Related Information with Build Inspector	Anshu Kumar, Pavan Sorab	#devsecops #ci-cd #cicd-pipeline+2
2023-08-06	Talk	C0c0n	Securing the Future: Addressing Cybersecurity Challenges in the Age of 5G	Altaf Shaik	#zero-trust #supply-chain-security #attack-surface+4
2023-03-23	Talk	Insomnihack	How to have visibility and security OF CICD ecosystem	Pramod Rana	#ci-cd #devsecops #supply-chain-security+3
2022-12-07	Tool demo	Blackhat	Patronus: Swiss Army Knife SAST Toolkit	Akhil Mahendra, Akshansh Jaiswal, Ashwin Shenoi	#sast #software-composition-analysis #asset-inventory+1
2022-09-08	Talk	Nullcon	Hack the Source: Securing Open Source Software – One bug at a time	Sandeep Singh, Laurie Mercer	#open-source-security #supply-chain #code-review+4
2022-09-07	Talk	Nullcon	Unearthing Malicious And Other “Risky” Open-Source Packages Using Packj	Devdutt Patnaik, Ashish Bijlani	#open-source-security #supply-chain #supply-chain-attack+3
2022-09-06	Panel	Nullcon	IoT Supply Chain Blues and the way forward	Aseem Jakhar, Kedar Sovani, Anantharaman Iyer, Suvabrata Sinha, Sudarshan Rajagopal, Sachin Jain	#iot-device-management #iot-pentesting #supply-chain-security+3
2022-08-11	Tool demo	Blackhat	Patronus: Swiss Army Knife SAST Toolkit	Akhil Mahendra, Akshansh Jaiswal, Ashwin Shenoi	#sast #software-composition-analysis #asset-inventory+4
2022-08-10	Tool demo	Blackhat	CASPR - Code Trust Audit Framework	Ajit Hatti	#secure-coding #secure-development #security-tools+3
2022-05-12	Tool demo	Blackhat	Mitigating Open Source Software Supply Chain Attacks	Ajinkya Rajput, Ashish Bijlani	#open-source-security #supply-chain #supply-chain-attack+3
2022-05-12	Tool demo	Blackhat	Patronus: Swiss Army Knife SAST Toolkit	Akhil Mahendra, Akshansh Jaiswal, Ashwin Shenoi	#sast #software-composition-analysis #secure-development+1
2021-11-13	Talk	C0c0n	Third Party Risk Management	Mahesh Kalyanaraman	#risk-management #compliance-governance #supply-chain+2
2021-11-12	Talk	C0c0n	2021 Supply Chain Attacks Analysis	Ajit Hatti	#incident-management #risk-management #supply-chain+1
2020-12-10	Talk	Blackhat	Effective Vulnerability Discovery with Machine Learning	Asankhaya Sharma, Ming Yi Ang	#security-assessment #machine-learning #software-composition-analysis+4
2020-10-02	Tool demo	Blackhat	Phishing Simulation Assessment	Jyoti Raval	#phishing #blueteam #social-engineering+3
2020-03-07	Panel	Nullcon	Supply Chain Security In Critical Infrastructure Systems	Manish Tiwari, Suchit Mishra, Faruk Kazi, Cristofaro Mune	#supply-chain-attack #supply-chain-security #critical-infrastructure+3
2019-08-10	Tool demo	Defcon	Local Sheriff	Konark Modi	#reconnaissance #blueteam #data-leak+3
2018-09-27	Talk	Rootcon	Bug Bounty Hunting on Steroids	Anshuman Bhartiya	#bug-hunting #bug-bounty #security-tools+3
2018-08-11	Tool demo	Defcon	HealthyPi—Connected Health	Ashwin Whitchurch	#raspberry-pi #hardware-embedded #embedded-systems+4
2018-08-10	Talk	Defcon	Building visualisation platforms for OSINT data using open source solutions	Bharath Kumar, Madhu Akula	#security-analytics #threat-hunting #osint+3
2018-08-10	Talk	Defcon	AN OSINT APPROACH TO THIRD PARTY CLOUD SERVICE PROVIDER EVALUATION	Lokesh Pidawekar	#third-party-risk-management #supply-chain #vendor-security
2018-03-03	Panel	Nullcon	Forensic Challenges and Road Ahead	Manu Zacharia, Brijesh Singh, Sanjay Bahl, Vladimir Katalov	#data-leak #data-protection #forensics+4
2018-03-01	Talk	Nullcon	Software Supply Chain Cyberattack	Samiran Ghatak	#red-teaming #cyberattack #supply-chain-attack+1
2015-09-24	Talk	Appsecusa	QARK: Android App Exploit and SCA Tool	Tushar Dalvi, Tony Trummer	#android-security #sca #software-composition-analysis
2015-02-07	Panel	Nullcon	Startup panel – Make in India	Aseem Jakhar, Radha Shelat, Sumit D Chowdhury, Shomiron Das Gupta, Sastry Tumuluri, Shiju Sathyadevan	#security-strategy #cybersecurity-framework #business-resilience+4
2013-08-16	Talk	Usenix	Building Securable Infrastructure: Open-Source Private Clouds	Pravir Chandra	#cloud-pentesting #architecture #open-source-security
2012-02-15	Talk	Nullcon	Open source revolution :Need Hardware - Software marriage	Venkatesh	#embedded-systems #hardware-embedded #open-source-security
2010-12-04	Talk	Clubhack	Ultimate Pen Test – Compromising a highly secure environment	Nikhil Mittal	#security-assessment #social-engineering #application-pentesting+4
2009-12-05	Talk	Clubhack	Indian IT Act 2000 vs 2009	Rohas Nagpal	#cyber-law #embedded-systems #firmware-analysis+4

🧪 Experimental Feature

📦 Software Supply Chain Security

Top Contributors

Related Tags (14)

All Entries (59 total, sorted by date)