Robert MacLean<p>If I was an <a href="https://twit.social/tags/infosec" class="mention hashtag" rel="tag">#<span>infosec</span></a> <a href="https://twit.social/tags/attacker" class="mention hashtag" rel="tag">#<span>attacker</span></a></p><p>1) screw attacking the target directly. They will have security<br />2) everyone is aware of supply chain attacks so that vector is blown</p><p>so what would I do today?</p><p>figure out how to attack <a href="https://twit.social/tags/Postman" class="mention hashtag" rel="tag">#<span>Postman</span></a> - between the app and the service, there is opportunity. And you know Joe Developer is putting his creds into Postman to test stuff.</p><p>Backdoor it and exfil data and you will have more access than you can imagine.</p>