Bad Dependencies Podcast
Bad Dependencies Episode 3: Malware, Bug Bounties, and the Ethics of Offense
08 Jul 2025
In this episode of Bad Dependencies, we explore the gray zone of offensive security with researcher Raphael Silva from Checkmarx. Hosts Mackenzie and Charlie break down June’s 4,000+ flagged malicious packages, then chat with Raphael about his real-world experiments planting “malicious-but-not” packages in places like npm and the VS Code Marketplace. From unicode deception to malware hidden in PNGs, this episode unpacks the ethics of bug bounties, the dangers of going too far, and how easy it is to slip past marketplace defenses—until a random security guy in Poland catches you first.

00:00 – Intro & Weather Woes
00:50 – Malware Madness: 4,000+ Packages Flagged
02:00 – Offensive Security 101
04:00 – The Ethics of Fake Malware
06:00 – Where Researchers Cross the Line
10:00 – Common Pitfalls & Accidental Exposure
12:05 – Guest Joins: Raphael Silva from Checkmarx
13:50 – Malicious-but-Not: ExpressJS-Session Deep Dive
17:30 – Why Target VS Code Extensions?
22:20 – Unicode Tricks, Copycats & What’s Next