Ryan Kazanciyan
Chief Product Officer ; Mandiant & PwC alumnus. Co-author of Incident Response & Computer Forensics, 3rd Ed (2014). Tech consultant for S2 & S3.
1,539 Tweets, 186 Following, 4,218 Followers
Ryan Kazanciyan retweeted
Scott Hanselman Apr 18
Replying to @shanselman
THIS IS NOT INTUITIVE. I WANT TO BE SECURE BUT YOU WON'T LET ME BE GREAT YOU RIDICULOUS BUNCH OF SECURITY WONKS
Ryan Kazanciyan retweeted
John Lambert Apr 8
If you think VirusTotal is mostly a malware repository, this presentation by will blow you away. The slides are finally public. 1⃣ article: 2⃣ Slides: 3⃣ Thread:
Ryan Kazanciyan retweeted
dave hull Mar 24
I need to check this out, sounds like fun.
Ryan Kazanciyan retweeted
Thomas H. Ptacek Mar 23
Replying to @tqbf
When we did Microcorruption, hardcore gamedevs dominated the leaderboard. Comparable skill requirements between low level security and serious gamedev. The industry they work in is one of the most abusive in all of tech.
Ryan Kazanciyan retweeted
Eva Mar 22
“No state actor would be this stupid.” Oh, let me sing you the song of my people. Nation states don’t always bring their A game, and the logs are littered with the traces of dumb things they’ve done.
Ryan Kazanciyan Mar 21
Replying to @williballenthin
hah! Oslo?
Ryan Kazanciyan retweeted
Howard Oakley Mar 19
macOS Unified log: 1 why, what and how
Ryan Kazanciyan retweeted
David Longenecker Mar 15
For a few months and I have been questioning each other about obscure event IDs and use cases. Out spilled a new Windows Advanced Logging Cheat Sheet, to supplement his excellent original Windows Logging Cheat Sheet:
Ryan Kazanciyan retweeted
elastic Mar 15
Relive the excitement of the presentation from the keynote. Watch demonstrate how his team depicts realistic hacks and how played a pivotal role in the story.
Ryan Kazanciyan retweeted
Oliver Smith Mar 15
Part 1 of our article, Signal the ATT&CK, is available now. Read all about building a near real-time detection capability using Signals — based on ’s adversarial tactics, techniques and common knowledge
Ryan Kazanciyan retweeted
Matt Graeber Mar 4
Replying to @_mhastings_ @ryankaz42
And I also finally got around to looking at and 's great "DSCompromised" slides (). Turns out, they were using the DSC Script Resource before it was cool. 😍
Ryan Kazanciyan Feb 27
Replying to @tim_roes @elastic
Thank you so much!
Ryan Kazanciyan Feb 27
Replying to @taosecurity @elastic
It was used to deploy patches to the Unix-based power management systems in the opening shots of episode 2
Ryan Kazanciyan retweeted
elastic Feb 27
Remember when we fought the Dark Army with ? dives into how the magic happened, live at ! (But catch up at )
Ryan Kazanciyan Feb 27
Thrilled to share the keynote stage at to present a behind-the-hacks look at , and how we wove and other tech (including Tanium!) into the show.
Ryan Kazanciyan retweeted
John Lambert Feb 15
What if you could run a benign on your network and understand and visualize propagation? is doing just that for a client and publishing the results (with permission). Fascinating. Link to blog post here:
Ryan Kazanciyan retweeted
Paul Rascagnères Feb 13
I updated our post. The malware has the capability to generate new binaries with the stolen credentials (by patching the PE). The list in the screenshot comes from previous executions and was not created by the developers themselves
Ryan Kazanciyan retweeted
Keith Feb 12
This is a long thread, but a (rare) thread worth reading. Each of these Tweets could, and should, be an essay on some aspect of product design and development: features, quality, pace, scale, vision, among others . . . And if you hate threads, fret not:
Ryan Kazanciyan retweeted
dave hull Feb 10
Replying to @MalwareJake
1) Document, document, document. The "extra" time spent will be saved when you don't have to do the analysis again. 2) Write tests for your code. Verify that it does what you think it does. You are automating, no? 3) The power of teams, delegation, regular syncs & brainstorming.
Ryan Kazanciyan retweeted
marasawr Feb 6
Whatever you’re doing, stop right now and catch *slaying* with her expert testimony 💪💋👩‍💻💖