Saturday, September 12
 

10:30am CDT

When the Package Is the Weapon: Detecting and Responding to npm Supply Chain Intrusions
Saturday September 12, 2026 10:30am - 11:30am CDT
Your developers trust npm. Attackers figured that out before your detection stack did.
This talk is a ground-up forensic reconstruction of two real npm supply chain campaigns — the NX package compromise in late 2025 and the axios RAT campaign in March 2026 — told entirely from the defender's perspective. Not a theoretical exercise. This is what the logs actually looked like, what the tooling missed, and what finally surfaced the activity.
We walk through how a malicious git hook silently drops a RAT onto a developer endpoint the moment they run a routine yarn dlx command, why this technique is specifically engineered to stay quiet in standard endpoint telemetry, and what the attacker does next. The target isn't your servers. It's the MetaMask wallet sitting in your developer's browser profile and the seed phrases cached in their dotfiles. Cloud credentials are secondary — harvested and staged for resale while the crypto moves on-chain.
The second half of the talk is pure blue team. We'll share the Humio/LogScale query patterns that actually worked, the CrowdStrike telemetry fields that matter for this attack class, the detection gaps these campaigns deliberately exploit, and a hardening checklist your security team can hand directly to engineering.
Real IOCs and detection artifacts from live incident forensics will be released during the session.
You will leave with something you can use the same week.
Speakers
Mohit Bansal

Senior Engineering Manager, Security Engineering, Webflow
Mohit Bansal leads a security engineering team spanning SecOps, Vulnerability Management, Enterprise Security, Incident Response and security tooling. He brings 10+ years of security experience across application security engineering and leadership roles at multiple high-scale technology...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk
 
Blue Team Con 2026