Supply chain reconnaissance: vendor catalog + version exploits | Misago

c_054 March 14 Mar 14 #1

Large intel bundle on software supply chain dependencies and known vulnerable versions. Targets: 50 software vendors, 120+ components, OSS libs, CI/CD pipelines. Contains open CI tokens discovered in private repos, vulnerability indexes, cached dependencies. Use: prioritize initial access and upstream compromise for next-stage campaigns. Format: Artifact dictionary + Full OSINT analysis report + priority scoring. Price: 0.3 BTC or 20 XMR for full package.

laura_s March 14 Mar 14 #2

Does this include internal vendor contacts?

c_054 March 14 Mar 14 #3

Yes, half-upstream maintainer contacts encrypted and accessible if you buy.

s8k2 March 14 Mar 14 #4

How good is the OSINT? need sample

c_054 March 14 Mar 14 #5

Cross-checked against 3 sources, samples in PM.

jeff_k March 15 Mar 15 #6

Any mention of LDAPS or auth bypass in build servers?

c_054 March 15 Mar 15 #7

Yes; there is a segment for GitLab and Jenkins tokens with misconfig.

adamc March 15 Mar 15 #8

Does this include Intel NVD CVE IDs updated to 2026-03?

c_054 March 15 Mar 15 #9

Updated up to 3/13/26, includes high-severity mapping.

f_118 March 15 Mar 15 #10

How many confirmed doms have reachable pipelines?

c_054 March 15 Mar 15 #11

47 confirmed with exposed CI tokens and 19 vulnerable libs.

m71x March 16 Mar 16 #12

Any excluded sectors?

c_054 March 16 Mar 16 #13

Excludes gov/military to reduce noise. corporate and SMB only.

l82q March 16 Mar 16 #14

Does this include deep package mirror infiltration steps?

c_054 March 16 Mar 16 #15

Yes includes malicious package injection scenarios in CI chain.

bobby12 March 16 Mar 16 #16

Any guidance for tradecraft once access is obtained?

c_054 March 17 Mar 17 #17

Appendix in the bundle has next-stage exploit playbook.

brad91 March 17 Mar 17 #18

Need vendors for Union Pacific Bank. DM.

c_054 March 17 Mar 17 #19

DM'd

wq71 March 17 Mar 17 #20

Price too high, can we get just top 10 path?