Malicious package detection engineering


Details
Malicious package detection engineering with Paul McCarty
As software supply chain attacks continue to rise in frequency and sophistication, it is crucial for security professionals to adapt their processes to address these threats effectively.
One way to do this is to build a detection engineering practice that identifies malicious packages and the threat indicators within them.
In this talk, we'll examine real detection strategies, covering traditional IOCs like IP addresses and domains found in package-based malware, while also exploring package-specific indicators. Attendees will learn practical approaches to distinguish between accidentally vulnerable code and purposefully malicious packages.
Paul is the Head of Research at Safety (safetycli.com) and a DevSecOps OG. He loves software supply chain research and delivering supply chain offensive security training and engagements. He has spent the last two years deep-diving into npm and has made several discoveries about the ecosystem. Paul has founded multiple startups, starting in the '90s with UtahConnect, followed by SecureStack in 2017 and SourceCodeRED in 2023. Over the last 30 years, Paul has worked for NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, the Australian government and several startups. He is a frequent open-source contributor and the author of several DevSecOps, software supply chain and threat modelling projects. He is currently writing a book entitled "Hacking NPM", and when he's not doing that, he's snowboarding with his wife and 3 amazing kids.
Big thank you to SAP for hosting us this month.