Hands-On Supply Chain Recon & Vendor Risk Mapping
Recon Village @ DEF CON 34 • August 6-9, 2026
Abstract
Every organization relies on third-party vendors, open-source packages, and CI/CD tools to build and deliver software. In this session, we'll learn how to identify and map these external dependencies, understand the trust relationships between them, and discover potential security risks. Through practical demonstrations, attendees will see how issues such as dependency confusion, insecure GitHub Actions workflows, and vendor-related weaknesses can become entry points for supply chain attacks. The goal is to help security teams find and fix these risks before attackers do.
Prerequisites
- Laptop with Internet Access
Speakers
Application Security Researcher
Dhiyaneshwaran is a Nuclei Template Engineer at ProjectDiscovery.io, crafting Nuclei templates for trending exploits and CVEs. With over 2000+ templates written, he leads the Nuclei-Templates leaderboard. In his free time, he engages in bug bounty hunting and develops unique reconnaissance methodologies. He is also an active speaker and organizer in the cybersecurity community, contributing to BugBountyVillage DEF CON, Null Chapter, OWASP Local Chapters, and BSides Chapters.
View full speaker profile →Security Researcher at ProjectDiscovery
Aman Rawat is a cybersecurity professional with years of experience in the field. Currently working as a Security Researcher at ProjectDiscovery, Aman specializes in Web, Internal/External Networks, API, Mobile (Android/iOS), Cloud Penetration Testing, AI/LLM Security, and Secure Code Reviews.
View full speaker profile →
