6mile.githax.com
Software Supply Chain Red Team. SourceCodeRED & SecureStack founder, dad, startup OG, snowboarder and hacker. Working on GitHax tool in my spare time. github.com/6mile
@eastsidemccarty from the bird site.
37 posts
175 followers
498 following
comment in response to
post
on it
Can you DM me the URL? I’ll take a look at it and tell you what it’s doing.
Oh wait, I thought you were talking about NPM
Legit
Yeah, the HN thing was a nice surprise.
Heya, Adam, I'm contemplating open-sourcing it. In the meantime, I'm refining it and getting a TON of great data on malicious packages and the ecosystem as a whole.
NPM package metadata lists [email protected] as the package publisher (can't be faked), the author as Snyk researcher (can be faked) & one of the packages has the description "Snyk's Security Labs team testing package." I'm trying to get confirmation from the employee that he published it.
Looking forward to it!
Yes YES YESSSSS!!!
We’re on it!
Hey buddy!
G’day mate!
steals private keys and posts them to sol-rpc[.]xyz. The image above shows my side by side comparison of version 1.95.7 (malicious) on the left, and 1.95.8 (fixed) on the right. You can see the function that posts the stolen keys to the bad guys.