BSides Toronto 2025

Joshua Reynolds

Joshua Reynolds is the founder of Invoke RE, a cybersecurity training and research company focused on reverse engineering, malware analysis and threat intelligence. With over a decade of experience, Joshua has held senior roles at industry-leading companies, including Cisco and CrowdStrike. Joshua has spoken at major conferences such as REcon, RSA, DEF CON and Virus Bulletin on topics including ransomware, malicious document analysis and automating malware analysis. In addition to his speaking engagements and research, Joshua has developed industry-standard malware analysis training courses that are taught to hundreds of students globally through his company Invoke RE.


Session

10-05
11:45
25min
When Prettier Gets Ugly: The Scavenger Supply Chain Campaign
Joshua Reynolds, Cedric Brisson

Supply chain attacks represent one of the most pervasive threats in modern cybersecurity, with the potential to compromise thousands of systems simultaneously. This talk presents a detailed technical analysis of a supply chain compromise campaign, which successfully compromised multiple NPM and PyPI packages within a 10-day period, affecting packages with over 30 million weekly downloads.

We’ll highlight how earlier variants targeted smaller, lesser-known assets before pivoting to high-visibility projects, and how technical similarities across samples linked this operation to previous malware families.

ENG 103