BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsides-canberra-2025//speaker//G39HJA
BEGIN:VTIMEZONE
TZID:AEST
BEGIN:STANDARD
DTSTART:20000326T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3;UNTIL=20050326T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20060402T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060401T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20070325T040000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=3;UNTIL=20070324T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20080406T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000827T030000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=8;UNTIL=20000826T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20011028T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20071027T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20081005T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=10
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-canberra-2025-ZMXUD3@pretalx.com
DTSTART;TZID=AEST:20250927T140000
DTEND;TZID=AEST:20250927T142500
DESCRIPTION:NPM is the world's largest software registry\, but it faces sig
 nificant security challenges. Attackers frequently target NPM packages bec
 ause traditional security tools like SCA and EDR aren't effective at prote
 cting developers from malicious packages. When malicious packages are iden
 tified\, NPM removes them from the registry and all mirror servers are sup
 posed to follow suit.\n\nWhat's concerning is that of the 8 global NPM mir
 rors\, 5 are located in China - representing 63% of all NPM mirrors. These
  Chinese mirrors operate under unique regulatory constraints\, including r
 ules that require security researchers to report vulnerabilities to the Mi
 nistry of State Security (MSS) before disclosing them to affected companie
 s.\n\nDuring my research\, I discovered that while Chinese NPM mirrors app
 ear to remove malicious packages\, they continue serving them in a hidden 
 manner. This presentation will demonstrate how I've been leveraging this b
 ehaviour for two years to access previously unseen malware\, and show the 
 audience how to do the same.
DTSTAMP:20260603T235056Z
LOCATION:Off-Main Track
SUMMARY:Panda Mirror:  How the Chinese CCP manipulates NPM to horde malware
  - Paul McCarty
URL:https://pretalx.com/bsides-canberra-2025/talk/ZMXUD3/
END:VEVENT
END:VCALENDAR