Anatomy of a Supply Chain Worm: Building Detection Systems That Work on Zero Days

Sudhanshu Dasgupta, Sahil Bansal

Nullcon Goa 2026 · Day 1

Supply chain attacks have emerged as one of the most insidious and impactful threats in cybersecurity. In this talk, Sudhanshu Dasgupta and Sahil Bansal of SafeDep examine the mechanics of such attacks, using the infamous "Shylock" worm as the primary case study. The speakers dissect how this multi-stage attack exploited software ecosystems, bypassed traditional security measures, and propagated like a digital contagion.

AI review

Competent walkthrough of a real supply chain worm with a legitimate detection architecture behind it. The Shylock case study is genuinely instructive and the multi-stage pipeline (static + Falco/eBPF dynamic + human-in-loop) is coherent, but nothing here pushes the frontier — eBPF-based syscall monitoring in Docker-in-Docker with egress restrictions is a well-trodden path, and the LLM integration is hand-waved rather than demonstrated. Fills a slot, won't be the talk people quote next year.
