It's the year 2025, and supply chain attacks still pose an overlooked but critical threat to businesses—from small to large corporations. Past incidents such as CCleaner, Not Petya (Maersk), or the recently discovered Node packages with backdoors have shown that these attacks can cause severe financial and reputational damage to the affected company.

A successfully implemented attack gives the attacker an advantage because they are already inside the network. Security solutions designed to protect the company from external threats become useless, while compromised users often have high privileges, especially when third-party developer tools are compromised.

But how can you test your security against such an event? As a red team, we can't simply compromise a third-party vendo ...