February 25-27, 2026
Montreal, Canada
Building a supply chain attack with .NET and NuGet
"Haha, npm had yet another supply chain attack!"
I'm waiting for the day this happens with .NET and NuGet. The tools are there! A number of interesting techniques exist to smuggle code into someone's codebase, malicious or genuine.
In this talk, we'll look at several .NET, NuGet and MSBuild techniques to inject code into a software supply chain. We'll also look at some ways to mitigate the risk (but you can't eliminate it).
I'm waiting for the day this happens with .NET and NuGet. The tools are there! A number of interesting techniques exist to smuggle code into someone's codebase, malicious or genuine.
In this talk, we'll look at several .NET, NuGet and MSBuild techniques to inject code into a software supply chain. We'll also look at some ways to mitigate the risk (but you can't eliminate it).
Maarten Balliauw
Duende Software
Maarten Balliauw loves building web and cloud apps. His main interests are in .NET web technologies, C#, Microsoft Azure and application performance. He is Head of Customer Success at Duende Software. Creator and maintainer of https://speaker.travel. He's an ASP Insider and former Microsoft MVP. Maarten is a frequent speaker at various national and international events and organizes Azure User Group events in Belgium. In his free time, he brews his own beer.
