Rohit Kumar

Founder

Securable, Inc

Rohit Kumar is Founder of O3 Security, Facebook’s top bug bounty hunter, and a leading cybersecurity researcher who has reported critical vulnerabilities to Wiz, Meta, GitHub, and other global security vendors.

Speaker sessions

From Dependency to Deception: Uncovering Supply Chain Attacks with eBPF

Modern software supply chain attacks are stealthy, sophisticated, and increasingly bypass traditional security tools. Malicious dependencies, compromised CI/CD pipelines, and tampered build artifacts can quietly infiltrate production without triggering static scanners. As defenders, we need to shift our focus — not just left, but forward — into runtime behavior.This session introduces a powerful new approach: using eBPF (Extended Berkeley Packet Filter) as a runtime observability engine to detect and analyze suspicious activities originating from your CI/CD and deployment pipelines. We’ll walk through real-world attack scenarios that bypass static analysis and show how custom eBPF probes can uncover malicious behavior like unauthorized file reads, unexpected outbound connections, or untrusted process executions — all without modifying your application or containers.You’ll learn how to build an efficient eBPF-based runtime layer that complements your existing SAST/SCA tools and enables post-deployment defense. We’ll cover probe design, filtering noisy syscalls, handling performance concerns at high throughput (10K+ requests/sec), and integrating runtime signals into modern alerting or SIEM workflows.Whether you're a platform engineer, product security lead, or SRE tired of false negatives from static tools, this talk will give you actionable techniques to secure your cloud-native environments where it truly matters: in production. Live demos, original tooling, and practical insights will ensure you walk away with both strategic vision and implementation-ready knowledge.