In this episode of Bad Dependencies, we explore the gray zone of offensive security with researcher Raphael Silva from Checkmarx. Hosts Mackenzie and Charlie break down June’s 4,000+ flagged malicious packages, then chat with Raphael about his real-world experiments planting “malicious-but-not” packages in places like npm and the VS Code Marketplace. From unicode deception to malware hidden in PNGs, this episode unpacks the ethics of bug bounties, the dangers of going too far, and how easy it is to slip past marketplace defenses—until a random security guy in Poland catches you first.00:00 – Intro & Weather Woes00:50 – Malware Madness: 4,000+ Packages Flagged02:00 – Offensive Security 10104:00 – The Ethics of Fake Malware06:00 – Where Researchers Cross the Line10:00 – Common Pitfalls & Accidental Exposure12:05 – Guest Joins: Raphael Silva from Checkmarx13:50 – Malicious-but-Not: ExpressJS-Session Deep Dive17:30 – Why Target VS Code Extensions?22:20 – Unicode Tricks, Copycats & What’s Next
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Law & Order: Criminal Justice System - Season 1 & Season 2
Season Two Out Now! Law & Order: Criminal Justice System tells the real stories behind the landmark cases that have shaped how the most dangerous and influential criminals in America are prosecuted. In its second season, the series tackles the threat of terrorism in the United States. From the rise of extremist political groups in the 60s to domestic lone wolves in the modern day, we explore how organizations like the FBI and Joint Terrorism Take Force have evolved to fight back against a multitude of terrorist threats.