Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies

The Story of a Novel Supply Chain Attack

11 min readFeb 9, 2021

--

Ever since I started learning how to code, I have been fascinated by the level of trust we put in a simple command like this one:

pip install package_name

Alex Birsan

Written by Alex Birsan

More from Alex Birsan

Alex Birsan

How I hacked Google’s bug tracking system itself for $15,600 in bounties

Easy Bugs for Hard Cash

7 min readOct 30, 2017

--

Alex Birsan

The Bug That Exposed Your PayPal Password

And Credit Card Number Too

5 min readJan 8, 2020

--

See all from Alex Birsan

Recommended from Medium

CyberSec_Sai
in
InfoSec Write-ups

How I Earned My First Bug Bounty Reward of $1000

In this article, I want to discuss about my journey of making $1000 dollars from Bug Bounty program and the lessons I learned through this…

7 min readDec 28, 2022

--

Astik Rawat

OSWE : My Journey & Review

Hi, I am finally back after so many months! I wanted to share my honest review on Offensive Security Web Expert (OSWE) as this one took me…

7 min readDec 20, 2022

--

Lists

Staff Picks

332 stories84 saves

Stories to Help You Level-Up at Work

19 stories53 saves

Self-Improvement 101

20 stories107 saves

Productivity 101

20 stories117 saves

Stephen Adesina
in
Level Up Coding

10 websites that pay you up to $1000 to start your technical writing journey.

Are you at the point in your tech journey where you want to share your experiences? It doesn’t matter if you’re a tech baby with a passion…

8 min readJan 19

--

The PyCoach
in
Artificial Corner

You’re Using ChatGPT Wrong! Here’s How to Be Ahead of 99% of ChatGPT Users

Master ChatGPT by learning prompt engineering.

7 min readMar 17

--

nynan

What I learnt from reading 217* Subdomain Takeover bug reports.

A comprehensive analysis of Subdomain Takeovers (SDTO), DNS Hijacking, Dangling DNS, CNAME misconfigurations…

8 min readOct 31, 2022

--

Alexander Nguyen
in
Level Up Coding

Why I Keep Failing Candidates During Google Interviews…

They don’t meet the bar.

4 min readApr 13

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech