Finding Malware in Open Source Every Day, but Trust Compromise Keeps Me Up at Night
From SANS.edu to the Front Lines of Cyber Threat Intelligence
In this talk, I discuss my work in cyber threat intelligence, malware analysis, and software supply chain defense, and how my education through SANS Technology Institute helped deepen and strengthen that work as I advanced in the field.
Drawing on real-world examples from open source ecosystems, I examine how software supply chain attacks are shifting from standalone malicious packages to the compromise of trusted developers, maintainer accounts, and the automation that ships code to production. I also outline what defenders need to understand to keep pace with threat actors increasingly targeting trust relationships and release infrastructure.
Webinar: SANS Technology Institute · 2026
Hunting North Korea's State-Sponsored "Contagious Interview" Operation
This presentation examines how North Korean state-sponsored threat actors behind the “Contagious Interview” operation combine social engineering with malicious open source packages to compromise developers and tech job seekers. It analyzes hundreds of malicious npm packages that deliver multi-stage loaders and infostealers, including BeaverTail, InvisibleFerret, and OtterCookie, and shows how threat actors impersonate recruiters on LinkedIn, deliver “coding assignments” through GitHub and other platforms, and pressure targets to execute code locally.
Conference: SANS CTI Summit · 2026
A Security Professional's Guide to Malicious Packages
This presentation is designed for software developers, engineers, and DevOps/build teams managing dependencies and CI/CD; security professionals focused on AppSec and supply chain risk; technology managers and team leads; and threat analysts seeking practical ways to understand and mitigate risks in open source ecosystems and software supply chains.
Turning the Backpage: Combating Human Trafficking with Threat Intelligence
This RSA session, co-presented with Hande Guven, shows that human trafficking is not confined to the dark web: public, open sources (such as classified-ad platforms) can yield actionable indicators. We share a proof-of-concept study demonstrating how first responders can monitor selected sources to generate threat leads, initiate investigations, build cases, and support survivors.
Conference: RSA Conference · 2023