About the Speaker
< Talk Title />
< Talk Category />
< Talk Abstract />
You’ve heard about Shai-Hulud. The worm that hit npm in September 2025. Over 500 packages compromised, GitHub repos going public with "Shai-Hulud" in the name, CISA issuing emergency alerts.
But here’s what most people don’t know: how do you actually catch something like this before it spreads?
This talk isn’t another “here’s what happened” post-mortem. It’s about building detection systems that work against zero-day threats, before any signature exists.
We’ll show you how we combine static code analysis with dynamic runtime monitoring in sandboxed containers, using Falco and eBPF to watch what packages actually do when they execute. Not signatures. Not CVE databases. Real behavioral analysis at the system-call level.
We’ll walk through how the worm worked (credential theft, GitHub Actions injection, self-replication via npm tokens), why traditional tools failed (a timing problem, not a detection problem), and how to build your own detection infrastructure. We’ll cover our detection rules and the architecture for large-scale dynamic analysis, and show live demos of catching malicious packages in isolated environments. You’ll leave with open-source tools like vet and PMG that you can deploy immediately.
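As an added illustration of the behavioral approach the abstract describes (this is not the speakers’ ruleset or SafeDep’s code), here is a Falco rule file that flags the two install-time behaviors named above, credential reads and GitHub Actions workflow writes, when they come from an npm lifecycle script running inside the analysis container. The `open_read`, `open_write` and `container` macros come from Falco’s default rules; the credential file names and the process-ancestry heuristic are my assumptions.

```yaml
# Added example, not the talk's own rules. Assumes Falco's default macros
# (open_read, open_write, container) are loaded alongside this file.
# The file names and ancestry heuristic below are assumptions for illustration.

- list: npm_credential_files
  # Files that commonly hold npm, git, GitHub CLI or cloud credentials.
  items: [.npmrc, .git-credentials, hosts.yml, credentials]

# A lifecycle script (preinstall/postinstall) is a shell or node process
# spawned by npm, or by node running npm-cli.js, during `npm install`.
- macro: npm_lifecycle_script
  condition: >
    proc.name in (sh, bash, node) and
    (proc.pname in (npm, node) or proc.aname[2] in (npm, node))

- rule: npm install script reads developer credentials
  desc: >
    A package lifecycle script opened a file that commonly holds npm, GitHub
    or cloud credentials. Benign packages almost never need these at install.
  condition: >
    container and open_read and npm_lifecycle_script and
    (fd.filename in (npm_credential_files) or
     fd.directory contains "/.config/gh" or fd.directory endswith "/.aws")
  output: >
    Credential file read by install script
    (file=%fd.name proc=%proc.cmdline parent=%proc.pname
     container=%container.name)
  priority: CRITICAL
  tags: [supply_chain, npm, credential_access]

- rule: npm install script writes GitHub Actions workflow
  desc: >
    A package lifecycle script created or modified a workflow file, matching
    the GitHub Actions injection step described in the abstract.
  condition: >
    container and open_write and npm_lifecycle_script and
    fd.name contains "/.github/workflows/"
  output: >
    Workflow file written by install script
    (file=%fd.name proc=%proc.cmdline container=%container.name)
  priority: CRITICAL
  tags: [supply_chain, npm, persistence]
```

Load it with `falco -r falco_rules.yaml -r this_file.yaml` against a container that runs `npm install` on the package under analysis; either rule firing is the behavioral signal, independent of any signature for the package.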
< Speaker Bio />
Sudhanshu is a Software Engineer at SafeDep and a core maintainer of Meshery, an open-source CNCF sandbox project. You will find him talking about open source, web development, supply chain security, cloud-native technologies, and community building. He actively mentors and guides new contributors, helping them navigate and grow in the open-source ecosystem.
Sahil Bansal is a software engineer passionate about backend systems, low-level development, and OSS security.
💼 Currently at [SafeDep](https://safedep.io), working on improving supply chain security
🛠️ On weekends, building [Runbox](https://github.com/sahilb315/runbox), a sandbox runner from scratch
📦 Previously built [AtomixDB](https://github.com/sahilb315/atomixdb), a SQL-based database from scratch in Go