Hey all! As promised, here's the in-depth analysis @JershMagersh from @InvokeReversing and I did of the malware strain that's been spreading through NPM in the last few days following a successful phish. We present to you: Scavenger. https://t.co/2L8p9J8AWM

I spent years bypassing security tools as a red teamer. So I built the product to catch me. Launching Nov. 10th.

YouTube for the full screen experience ✨ https://t.co/39LIDcCa5S

if you would please consult the graphs 🫵🤓 on another note, very happy that the p99 for user facing APIs for is <22ms, and a lot of that is thanks to the wonderful Aurora DSQL. and for critical async APIs (processing etc.), that number is only better - edging <8ms.

Who puts this in malware bro 😭😭😭

Beware of high-ranking fake reversing tool websites. pestudio org and dnspy org are fake. Use https://t.co/PwccjqomQ1 and https://t.co/06SQa6zXoO instead

On multiple occasions I've found myself longing for a single place where I could track smaller DFIR blogposts so I decided to make it myself. I'd like to introduce to everyone the official IRCC website

@PixOnChain AWS is decentralized It's not their fault no one in web3 enforces multi region redundancy

dashboard maxxing @deceptiq_ I wanted a graph, I have a graph - the dashboard graphs only get better from here on out.

Certifications - because hiring folks (and even internal staff) have no clue how any of this works, so ✨hopes and prayers✨ that certifications will somehow ensure better outcomes Just spent a week with tons of brilliant folks with no certs btw. Hiring based on them is dumb.

The amazing @cxiao__ is offering training at https://t.co/njaLsVzus6 for #Rust #Malware #ReverseEngineering 😱 Her insight is absolutely priceless, she's taught me all I know about this. If you are organizing an event: This is the state-of-the-art training you are looking for.

DM me for .... new Lumma config extractor 🤭

It’s only a vulnerability if it comes from the Vulne region of France. Otherwise it’s just an exploitable issue.

https://t.co/PIK1gcwtIM #NewAttackSurface

Extremely grateful to have had the opportunity to not only give my first talk today but to do so alongside @JershMagersh from @InvokeReversing. In case you missed it, you can find our slides on GitHub here https://t.co/6mpHVHazZq

Had a fantastic turnout for our talk at BSides Toronto about the scavenger malware today! Huge thanks to @cyb3rjerry for co-presenting and thank you to everyone for attending!

Got my very first speaker badge ☺️ #bsidesto

Our CFP is open! If you’re working on something exciting, we want to hear from you! Submit your talk for RE//verse 2026: https://t.co/5l5IZLKzdZ

A reminder that @cyb3rjerry and @JershMagersh will be speaking at BSides Toronto this Sunday (Oct 5th) at 11:45AM about the Scavenger NPM supply chain attack. See you there!

Hey all! My good friend @0xDeLuks just released his latest writeup on TadpoleVM. I'm always impressed at how smart younger generations seem to be. Makes me feel like I wad stupid at their age 😂 https://t.co/VXLydVNg6C

Short analysis of a simple AlmondRAT sample: https://t.co/YoClsmvc4H