A compilation of resources in the software supply chain security domain, with emphasis on open source
Split and distribute your private keys securely across an untrusted network
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
List your dependencies' capabilities and monitor whether updates require more capabilities.
Scan GitHub Actions Workflow logs for IOCs
A phishing-led npm supply chain attack compromised millions of weekly downloads, but IoCs, detection scripts, and remediation steps can help developers defend fast.
Packj audits pull requests for malicious/risky open-source deps
Checks your files for the existence of Unicode BIDI characters, which can be misused for supply chain attacks. See CVE-2021-42574.
PoC ELF linker that injects backdoors into binaries at link time
This repository is a security research project demonstrating supply chain attack techniques in the Go ecosystem. It is designed for educational and defensive security purposes only.
PoC backdoor embedded within the C runtime zero
Python script to check if any malicious pip packages listed in a text file have been installed.
Build a real-time auction app with Flutter and Supabase for live bidding, secure auth, and a polished Material 3 UI
GitHub Action to detect adversarial Unicode in PRs: invisible characters, bidi attacks, homoglyphs, PUA code points, and encoding issues. Zero-config, language-agnostic.
Compilation of articles and utils about Software Supply Chain Security
Educational recreation of the WaterPlum/StoatWaffle VSCode supply chain attack. Full two-machine lab with C2 server, bootstrap downloader, RAT module, browser credential discovery, and file exfiltration. For security research only.
Complete implementation of Ken Thompson's "Trusting Trust" compiler exploit. Modified TCC with self-replicating backdoors, with my focus on architecture research and exploit development.
Compute SRI from an HTML file and generate a new HTML with the integrity attribute.
Ubel is a fast, cross-ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation to prevent supply-chain attacks. It works with: PyPI (via ubel-pip), npm (via ubel-npm), and Linux distributions (Ubuntu-based, Debian-based, RHEL, AlmaLinux).