Ryan Kazanciyan
Chief Security Architect , Mandiant & PwC alumnus. Coauthor of Incident Response & Computer Forensics, 3rd Ed (2014). Tech consultant for .
1,524 Tweets, 188 Following, 4,016 Followers
Tweets
Ryan Kazanciyan retweeted
John Lambert Feb 15
What if you could run a benign on your network and understand and visualize propagation? is doing just that for a client and publishing the results (with permission). Fascinating. Link to blog post here:
Ryan Kazanciyan retweeted
Paul Rascagnères Feb 13
I updated our post. The malware has the capability to generate new binaries with the stolen credentials (by patching the PE). The list in the screenshot comes from previous executions and was not created by the developers themselves
Ryan Kazanciyan retweeted
Keith Feb 12
This is a long thread, but a (rare) thread worth reading. Each of these Tweets could, and should, be an essay on some aspect of product design and development: features, quality, pace, scale, vision, among others . . . And if you hate threads, fret not:
Ryan Kazanciyan retweeted
dave hull Feb 10
Replying to @MalwareJake
1) Document, document, document. The "extra" time spent will be saved when you don't have to do the analysis again. 2) Write tests for your code. Verify that it does what you think it does. You are automating, no? 3) The power of teams, delegation, regular syncs & brainstorming.
Ryan Kazanciyan retweeted
мара-яга 🦄 Feb 6
Whatever you’re doing, stop right now and catch *slaying* with her expert testimony 💪💋👩‍💻💖
Ryan Kazanciyan retweeted
Elon Musk Feb 6
View from SpaceX Launch Control. Apparently, there is a car in orbit around Earth.
Ryan Kazanciyan retweeted
Immunity Inc. Jan 31
Priv escalation: Leak of /etc/shadow's content using SPECTRE on Fedora 25 amd64. CANVAS Early Updates users will see the update soon and regular CANVAS users will see it on the next CANVAS release.
Ryan Kazanciyan retweeted
Matt Graeber Jan 31
The EMET Attack Surface Reduction Replacement in Windows 10 RS3: The Good, the Bad, and the Ugly
Ryan Kazanciyan retweeted
Tal Be'ery Jan 29
Ryan Kazanciyan retweeted
Jake Williams Jan 18
When the new CISO tries to deploy lots of "next gen" security solutions without first having a device inventory, software inventory, or patching program... (nothing else works without a foundation first)
Ryan Kazanciyan retweeted
Michael McWatters Jan 15
The alert system was activated by a dropdown with “test missile alert” and “missile alert” next to each other. Confusing labeling aside, this is an example of ’s UI axiom (paraphrased) “Don’t put the ejection seat button near less consequential stuff.”
Ryan Kazanciyan retweeted
Sam Newman Jan 14
I was in the middle of creating this slide (wrt patch hygiene) and had to stop half-way through and ask myself - aren’t we all just making this worse?
Ryan Kazanciyan retweeted
Matt Nelson Jan 11
FYI, Microsoft extended the Office DDE reg block to Excel this week per ADV170021: . This was to mitigate DDE abuse via Excel embedded in a OneNote file not taking the previously released block keys, which I reported in October :) Blog post soon
Ryan Kazanciyan retweeted
Kevin Beaumont Jan 10
I've changed the spreadsheet name to "Microsoft Windows January 2018+ antivirus security update compatibility matrix" to make it clear it applies to all security updates. Now tracking 45 products. About 60% create registry keys now.
Ryan Kazanciyan retweeted
Kevin Beaumont Jan 8
Replying to @GossiTheDog
Microsoft have added the following text to their KB article to clarify that unless the AV compatibility registry key is set, Windows Update will not deliver January's *or all future* security updates. Organisations and InfoSec vendors, take strong note.
Ryan Kazanciyan retweeted
Kevin Beaumont Jan 5
Here's the problem for Enterprises - some next gen products are selling themselves to new customers as AV replacements - but many customers actually run them in addition to AV. So they don't want to set registry key in case they BSOD PC.
Ryan Kazanciyan retweeted
the grugq Jan 8
Ryan Kazanciyan retweeted
NinjaCat Herder Jan 4
(1/2) Check with your anti virus vendor before applying the and patches. patches applied on machines running AV vendors software using unsupported calls to kernel may blue screen and brick if not updated. More...
Ryan Kazanciyan retweeted
Dan Kaminsky Jan 3
Replying to @dakami
What’s great about this work is that it puts the spotlight where it belongs — exactly what state is being shared between security domains? Because when you don’t actually know — or, worse, when you think you do — you usually fail, even with “provably secure” math on your side.
Ryan Kazanciyan retweeted
Atelier Fiora 🧙‍♀️ Jan 3
okay i actually fucking LOVE this bug so much omg. this is even better than i thought it was. sorry, i apologize, i'm gonna fangirl a little bit here sorry