Repo Jacking - How Github Usernames Expose Projects to RCE

This course aims to educate participants on the prevalence and impact of the supply chain vulnerability known as 'repo jacking', which allows attackers to hijack Github repositories and achieve remote code execution through dependency injection. Participants will learn about the vulnerability itself, its causes, exploitation methods, and how to scan open-source projects for similar vulnerabilities. The course covers topics such as vulnerable scenarios, repository redirects, data collection, dependency analysis, key findings, and remediation strategies. The intended audience for this course includes developers, security professionals, and individuals interested in understanding and mitigating supply chain attacks in open-source projects. The teaching method involves a lecture format with a focus on research findings, practical examples, and mitigation techniques.