Software Supply Chain Attacks - a silent killer
Software supply chain attacks don't start at package managers: they start at developer laptops, compromised credentials, and CI/CD missteps. This session walks through a real-world attack from dev environment compromise to poisoned builds and the eventual deployment of a backdoored release. It's not theory: it's how breaches actually unfold. We will relate each step to real-life attacks that have happened along the way.
## Learning Outcomes:
- Understand the full lifecycle of a supply chain attack
- Learn attacker pivot points: local → repo → CI → release
- Map security controls to each phase of the chain
- Distinguish proactive vs. reactive defense strategies
## Audience Level
Beginner - The student has an interest in the topic presented and general technology knowledge that a power user or undergraduate student may have acquired.
## Prerequisites:
1. Personal Laptop with unrestricted internet access
2. Google Account with Access to Google Cloud Console & Cloud Shell (ref: docs.cloud.google.com/shell/docs/launching-cloud-shell)
3. Personal GitHub Account
4. VSCode/Cursor installed on your personal laptop.
5. Discord Account for support
Due to the short duration of the workshop, we will not be able to provide troubleshooting support to students. If your setup does not work, the recommended approach is to follow along with how others are doing it and try it yourself after the workshop.