Back to Talks 2026
Workshopbeginner

Hands-On Supply Chain Recon & Vendor Risk Mapping

Recon Village @ DEF CON 34August 6-9, 2026

Friday, August 7 · 10:00 AM – 12:30 PMRecon Village Workshop Area

Abstract

Every organization relies on third-party vendors, open-source packages, and CI/CD tools to build and deliver software. In this session, we'll learn how to identify and map these external dependencies, understand the trust relationships between them, and discover potential security risks. Through practical demonstrations, attendees will see how issues such as dependency confusion, insecure GitHub Actions workflows, and vendor-related weaknesses can become entry points for supply chain attacks. The goal is to help security teams find and fix these risks before attackers do.

Prerequisites

  • Laptop with Internet Access

Speakers

Dhiyaneshwaran Balasubramaniam
Dhiyaneshwaran Balasubramaniam

Application Security Researcher

Dhiyaneshwaran is a Nuclei Template Engineer at ProjectDiscovery.io, crafting Nuclei templates for trending exploits and CVEs. With over 2000+ templates written, he leads the Nuclei-Templates leaderboard. In his free time, he engages in bug bounty hunting and develops unique reconnaissance methodologies. He is also an active speaker and organizer in the cybersecurity community, contributing to BugBountyVillage DEF CON, Null Chapter, OWASP Local Chapters, and BSides Chapters.

View full speaker profile →
Aman Rawat
Aman Rawat

Security Researcher at ProjectDiscovery

Aman Rawat is a cybersecurity professional with years of experience in the field. Currently working as a Security Researcher at ProjectDiscovery, Aman specializes in Web, Internal/External Networks, API, Mobile (Android/iOS), Cloud Penetration Testing, AI/LLM Security, and Secure Code Reviews.

View full speaker profile →