obilodeau
@obilodeau.bsky.social
Father of two. Hacker. President @NorthSec. Research at Flare. Cofounder of MontréHack. Love to teach and share. BlackHat, Defcon, SecTor speaker.
Still, this is a great wake-up call! A more polyglot payload could have done a lot of damage! Desktop, browsers, CI/CD, servers, etc.

Caveat: Spent 25 minutes on this. I didn't deobfuscate myself, I might be wrong.

Ref used for analysis: jdstaerk.substack.com/p/we-just-fo.... 3/3
Anatomy of a Billion-Download NPM Supply-Chain Attack
A massive NPM supply chain attack has compromised foundational packages like Chalk, affecting over 1 billion weekly downloads. We dissect the crypto-stealing malware and show you how to protect your p...
jdstaerk.substack.com
September 8, 2025 at 8:07 PM
Browser extensions with broad privileges that would bundle an affected dependency could be dangerous but even then there are some limitations in where the code needs to run by the browser extension context. 2/3
September 8, 2025 at 8:07 PM
Reposted by obilodeau
My advice for people who are applying to big conferences for abstracts is: imagine that your reviewer is under a deadline of less than twelve hours and they are deeply deeply angry.
Write to impress that person, but write the talk you'd be proud to give.
September 1, 2025 at 3:41 AM
I don't know.. I mean I pay for the no ads streaming package. Getting ads before calls sounds terrible!
August 21, 2025 at 6:50 AM
Link please?
August 21, 2025 at 5:38 AM
In an era of youth unemployment because of AI (seniors have the job + cuts), I have to say that it sounds like a nice way to create tight bonds in a society.
August 13, 2025 at 5:32 AM
From the article:
> Seventy-four percent of those surveyed embraced mandatory service it for public health support service, such as working with seniors or in hospitals.

That doesn't sound bad at all.
August 13, 2025 at 5:32 AM
I see what you mean but Switzerland, Sweden and Norway have it, I believe. I'm not for it but these left-leaning countries have it. It all depends on how it's implemented.
August 13, 2025 at 5:32 AM
Talk to me if you see me and I'll give you something if you wear NorthSec gear, promise you will submit a talk (or sponsor) or join our Discord. I have NorthSec badges (2024, 2025), t-shirts and proudly Canadian produce.
August 4, 2025 at 8:31 AM
Wow!
June 24, 2025 at 1:47 PM