NorthSec 2021

Indiana Moreau

Indiana is a security engineer at Security Innovation who specializes in testing web applications, APIs, and cloud configurations. He has a background in web development and previously worked in telecommunications and banking, performing penetration tests and security assessments. In his spare time, he works on personal coding projects and eats copious amounts of sushi.

What is your title?

Security Engineer

What is your company/affiliation(s)?

Security Innovation

LinkedIn profile (full URL)

https://www.linkedin.com/in/indianamoreau/


Sessions

05-20
11:25
40min
Application security
Laurent Desaulniers, Indiana Moreau, Dolev Farhi, Mitchell Cohen, Mansi Sheth

Q&A and discussion for the malware block, hosted and moderated by Laurent Desaulniers. Questions will be gathered from the audience during the four prior talks.

Appsec
Main stream
05-20
09:40
30min
Repo Jacking: How Github usernames expose 70,000 open-source projects to remote code injection
Indiana Moreau

Due to one small GitHub feature, some projects that depend directly on a GitHub repository are vulnerable to remote code injection. This talk will discuss novel research that was conducted to determine the prevalence of an obscure vulnerability related to GitHub project dependencies. The research demonstrates that this vulnerability, repo jacking, is exceedingly widespread and affects over 70,000 open-source projects. We will explain the vulnerability itself, what caused it and how to exploit it, as well as how we scanned a large percentage of open-source projects for this vulnerability. Finally, we will also discuss mitigations and how to protect yourself and your projects from it.

Appsec
Main stream