Official Website link
WS2-03 | March 25 (Wed) 10:00-11:30 | 5F | Workshop | Consecutive Translation
Workshop Overview
Software supply chain attacks don’t start at package managers: they start at developer laptops, compromised credentials, and CI/CD missteps. This session walks through a real-world attack from dev environment compromise to poisoned builds and eventual deployment of a backdoored release. It’s not theory — it’s how breaches actually unfold. We will relate each step with real life attacks that have happened along the way.
Learning Outcomes
- Understand the full lifecycle of a supply chain attack
- Learn attacker pivot points: local → repo → CI → release
- Map security controls to each phase of the chain
- Distinguish proactive vs. reactive defense strategies
Audience Level
Beginner — The student has an interest in the topic presented and general technology knowledge that a power user or undergraduate student may have acquired.
Prerequisites
- Personal Laptop with unrestricted internet access
- Google Account with Access to Google Cloud Console & Cloud Shell (reference)
- Personal GitHub Account
- VSCode/Cursor installed on your personal laptop
- Discord Account for support
Due to the short duration of the workshop, dedicated troubleshooting support is not provided. If your system does not work, the recommended approach is to observe how others are progressing and try again after the workshop.
Event Information
- Event: Security Days Fall 2026 (Tokyo)
- Session Code: WS2-03
- Date & Time: March 25, 2026 (Wed) 10:00-11:30
- Venue: Tokyo Venue (5F)
- Format: Workshop
- Translation: Consecutive translation available
- Instructor: Anant Shrivastava | Founder, Cyfinoid Research
- Official Site: Security Days Fall 2026
