Attacking The Supply Chain: Developer

[HCK]

Attacking The Supply Chain: Developer

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trustedâAttacking The Supply Chain: Developer