BSides Toronto 2025

Juan Aguirre

I am a Senior Security Researcher specializing in open source supply chain security, with a focus on offensive security and malicious packages. Over the past several years, I’ve led security research teams, analyzed a wide range of vulnerabilities, and published articles on malicious package detection, source code analysis, and software supply chain threats.

My professional journey spans offensive security, penetration testing, red teaming, and malware research, supported by certifications such as OSCP and CRTE. I’m passionate about unravelling complex threats, mentoring others in the security community, and advancing secure software practices.

Outside of work, I enjoy hiking and outdoor adventures, solving puzzles with my wife, and finding new challenges, whether in code or the great outdoors, that keep my mind sharp and curious.


Session

10-04, 16:00, 25 min
Dissecting Open Source Malware: From PoCs to Payloads
Juan Aguirre

Malicious packages hiding in plain sight? Welcome to modern open source ecosystems. This talk explores how open source code—once limited to harmless PoCs and bug bounty tools—is increasingly being weaponized as real malware in the npm and PyPI ecosystems. We’ll walk through how these threats have evolved, dive into real examples, and show how you can analyze and understand them, even when they try to hide behind layers of obfuscation.

ENG 103