Software Engineer at SafeDep
Speaker
Sudhanshu Dasgupta is a Software Engineer at SafeDep, where he works on open source supply chain security tooling, building and contributing to tools that help developers detect and block malicious packages before they reach production. He is a core maintainer of Meshery, a CNCF sandbox project for cloud-native infrastructure management, and has contributed to multiple open source projects across the cloud-native ecosystem. He has worked in software engineering, developer relations, and community building. He brings a practitioner's perspective to supply chain security, based on real-world engineering workflows and the changing threat landscape that open source ecosystems face. He is interested in finding malicious packages, making AI agents safe, and figuring out how developer tools and supply chain risk are connected.
He has spoken at IndiaFOSS, DevConf Pune, and Nullcon Goa, where his talks have covered supply chain security, open source tooling, and the emerging security challenges introduced by AI coding agents and MCP servers in modern development environments.
npm powers the modern web and is increasingly a target. In early 2026, the npm ecosystem saw a cluster of supply chain attacks that highlight how the trust developers place in the registry is being actively exploited. This talk presents a forensic analysis of major attacks, including the axios compromise, a malicious Strapi plugin campaign, and typosquatting with express-session-js, each using different entry vectors to publish malicious code to a registry trusted by millions of developers.
The session explores how attackers combine ecosystem trust, automation, and developer workflows to deliver malicious code at scale, and provides a practical approach to analyzing suspicious npm packages without installing them. Attendees will learn to identify anomalies in package metadata, decode obfuscated payloads, and detect network and filesystem indicators. The talk also demonstrates open source tools vet and pmg, showing how these analysis techniques translate into real-world, automated defenses at both CI and install time.