Josh Reynolds (jmag)
@JershMagersh
Malware analysis and reverse engineering. Sometimes I write code to do these things. Founder @InvokeReversing. Tweets are my own.
Looking forward to my first keynote! This won’t be another doom and gloom AI talk. It will be about my real world experiences with applications and pitfalls, with plenty of demos.
We are very excited to announce that our founder Joshua Reynolds will be a Keynote speaker at BSides Edmonton 2025!
Thank you @InvokeReversing for being a Bronze sponsor for @MalwareVillage @DEFCON 33! 🙏 Interested in learning more about their company? Visit: invokere.com #MalwareVillage #DC33
So is dreadnode like langchain/langsmith but for offensive AI building / eval?
Join us on Tuesday, July 29th, at 14:00 EST for a special live stream with Renaud Tabary from @malcat4ever where we will explore and perform live malware triage with Malcat! twitch.tv/InvokeReversing
At the start of this release, we really intended to focus on providing a whole bunch of quality of life improvements to our users, and I think we really nailed it on that front. But this team keeps on impressing me every release. Thread:
Binary Ninja 5.1 is now released: binary.ninja/2025/07/24/5.1… - New WARP function matching - Pseudo Objective-C - Binexport plugin built-in - IL Rewriting Examples, APIs, and Docs - Arch: PPC VLE, mips-r5900, x32 + Much more!
#Kesakode DB has been updated to 1.0.36 ! * 9 new malware families * 70 extended malware signatures * 37 new malicious samples in database * 11440 new library objects seen * 120k new clean programs whitelisted * 17M new unique functions * 3M new unique strings
Hi folks, Prompt||GTFO is returning this Thursday (24 July), at noon Eastern. Let's take AI/ML back from the marketers. For access, please register here: forms.gle/HMUvJ8CU4GQYZM…
Mark your calendars! The Invoke RE DEF CON 33 Meet Up will be at the CASBAR lounge in SAHARA on Thursday, August 7th from 3-6PM. Whether you're a seasoned pro or just starting out, this is a great opportunity to meet your fellow malware researchers and reverse engineers! RSVP👇
💥 CERT-UA published a report on a malware powered by an LLM. The malware uses Qwen 2.5-Coder-32B-Instruct via the HuggingFace API to generate and execute commands on infected systems. It is a Python script that embeds prompts to dynamically craft Windows reconnaissance…
Cedric Brisson (@cyb3rjerry), in collaboration with Invoke RE's Josh Reynolds (@JershMagersh), analysed the "Scavenger" malware distributed via a supply chain compromise involving popular NPM package es-lint-config-prettier. c-b.io/2025-07-20+-+I…
Using the UnpacMe byte-search IDA plugin we found some Scavenger related malware dating back to October 2024. At the time the malware was dubbed ExoTickler. Analysis follows...
We did a full technical blog on the NPM eslint-config-prettier supply chain compromise that was used to distribute the Scavenger malware with @cyb3rjerry. Check it out below 👇
Hey all! As promised, here's the in-depth analysis @JershMagersh from @InvokeReversing and I did of the malware strain that's been spreading through NPM in the last few days following a successful phish. We present to you: Scavenger. c-b.io/2025-07-20+-+I…
New list of C2s I've identified related to the npm malware (eslint-config-prettier and friends): - https[://]datacrab-analytics[.]com - https[://]datahog[.]su - https[://]datalytica[.]su - https[://]ac7b2eda6f14[.]datahog[.]su/2w3e98t5zh298w3tzhg7982w3t4eg
Curious to know what the malware that got dropped in eslint-config-prettier is doing? @JershMagersh from @InvokeReversing and I are cooking a slick blogpost that goes into its capabilities 😤 Here's a meme teaser in the meantime. Stay tuned ❤️
Whenever I see people say the red teaming should only use TI, it seems unusual because if you're mature enough to need a red team, your EDR vendor will likely pick up on many currently known threats in the public eye. At that point, you're stuck modifying things away from what's…
Doing a Swift RE talk at #DEFCON33 @MalwareVillage :) Never been to DEFCON before so I’m looking forward to meeting people! #DC33 #MalwareVillage
w00t! @metasploit release includes the first aarch64 windows payload. Thanks to @xaitax for the contribution! 🚀 rapid7.com/blog/post/meta…
Even better is that if you just search "putty" in your start menu, the malicious ad is the one that pops up!
We've uploaded our stream from July 8th where we started writing a plugin for Binary Ninja to perform code emulation to recover obfuscated strings from malware with Binary Refinery. Big thanks to @huettenhain for Binary Refinery and vstack. Enjoy!