You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -33,7 +33,7 @@ Scenario Joker - be evil and invent a new nightmare and worst case scenario. Wha
ScenarioA developer has just typo'd an upstream package installation to their laptop. There was a malicious package waiting for that typo and post-installation code is exfiltrating data.https://twitter.com/badthingsdaily
ScenarioAn engineer has typo'd a package they are adding to a product repository. It is malicious. The CI/CD and prod environment variables are exfiltrated to a C&Chttps://twitter.com/badthingsdaily
ScenarioA malicious browser extension was installed on different corporate computers. It injects keyloggers into websites.
ScenarioYour build imports from an employee's personal NPM package. They quit, and vandalize the package, causing a public incident.https://twitter.com/badthingsdaily
ScenarioYour software build imports from an employee's personal NPM package. The employee quits and vandalizes the package, causing a public incident.https://twitter.com/badthingsdaily
ScenarioAn adversary takes control of your MDM service account. Your MDM support team cannot be reached for account recovery.https://twitter.com/badthingsdaily
ScenarioYour DNS was modified to respond with an attacker's DKIM key. Spearphishes will be signed by your domain in 30 minutes.https://twitter.com/badthingsdaily
ScenarioThe certificates involved with your primary code signing process have been compromised and used to sign malicious apps.
