Naugtur's randomly newsletter - Issue #2

This is my second newsletter sent from Revue and potentially the last.
Just when I finished choosing what to use for newslettering and setting up, they’re shutting it down. Oh well, at least it’s just email and I can move elsewhere. But for now - here’s what’s new:

For my Polish subscribers, I’ll be speaking at OH MY HACK in Warsaw on Dec 3 - if you’re getting a ticket, use this code IDE_NA_OMH for 20% off ➡️
If you want to see how short I can make the Hardened JS topic (or just watch other great lightning talks) - try DevSecCon Lightning on Dec 7
And last but not least (this has not been officially announced yet) there’s going to be a meet.js Summit Watch Party on Dec 8, 14:00 CET on meet.js discord. Watch talks and chat about them, interact with the sponsors - a great way to make up for your bad decision if you didn’t come to the conference in person :D
Speaking of meet.js - I’m aware of 5 local meetups planned before the end of the year. Check your city!

Bad bins and how to keep them at bay
Folks from found this new awful way of supply-chain attacking someone.
I’m almost done with the only protection you can locally use to defeat those:
Try it out, comment, ask questions - it’s opensource!

My new toy
Have you heard about LofyGang?
I downloaded one of the (still available) packages to see how far I’d get if I try to manually analyze it. I got through 4 layers of obfuscation but got stuck on the infinite loop that only happens if you deobfuscate… So, I built a tool to analyze JS malware without deobfuscating.
It’s still just an experiment, a result of one morning spent coding, but I encourage you to take a look if you’re into JS security stuff :)
Remember, no warranty of any kind ;)

Training, anyone?
I don’t have a lot of time to find people who’d like to invite me to their team to do some training, but if they find me, I sometimes run 1 day trainings - see
If you were hesitating to get one, any training where I can issue an invoice before the end of 2022 gets a discount.
Naugtur's randomly newsletter @naugtur

Events I organize or take part in
Updates on my opensource work in JS supply chain security
Training/workshops announcements, knowledge sharing
