Analyzing Impala Stealer – Payload of the first NuGet attack campaign In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we’ve exposed in our previous post. The sophisticated campaign targeted .NET …
Update 2023-03-21 – We’ve talked with members of the NuGet team and they had already detected and removed the malicious packages in question. Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically – there was no public evidence of severe malicious activity in the …
We’ve got great news for .NET developers – JFrog Artifactory can now act as your fully featured Symbol Server! Artifactory has long offered native support for NuGet packages, now developers can also store their symbol files in Artifactory where they can be indexed and consumed by the Visual Studio Debugger and other debugging tools. What …
1. If you are using several technologies, (e.g. Nuget, Maven, NPM, PyPi etc..) define a unique repository for each of them. By doing that you are making sure that all of the build requests are directed to the right place rather than going to a repository that may not even have the necessary packages. 2. …
Part 2 – “Is the sky cracking”? In the first part of this blog, we covered the downloading of the sample projects, the installation of Artifactory PRO, the building of the MyLogger library, and its storage into Artifactory. In the previous blog we covered the ability of Artifactory to proxy build dependencies from a remote cloud repository …
This blog shows how Artifactory, a binary repository manager, can be used a) as the storage location for remotely located build references, b) as a drop site for locally built CI artifacts, c) and in a future blog how it can also function as a storage and of all these binaries. For this demo we will use the MyLogger solution. …
Artifactory, OneGet, NuGet, Chocolatey, and Powershell Setup and Installations Recently there has been an enthusiastic buzz around OneGet, Microsoft’s new download manager for Powershell. With OneGet, Windows now has a first-class deployment manager quite similar to what the *inx folks had for years with the Apt-Get download manager. OneGet is a command line tools which …
The problem of dependency management is neither new nor original, it exists in all development platforms, and .NET is no different. Let’s go through different solutions and see how they perform. I’ll list them here in no particular order. Keeping dependencies in your source control That’s a very popular solution, and for a reason. The …
