Ryan Kazanciyan
Chief Product Officer ; Mandiant & PwC alumnus. Co-author of Incident Response & Computer Forensics, 3rd Ed (2014). Tech consultant for S2 & S3.
1,540 Tweets | 186 Following | 4,310 Followers
Tweets
Ryan Kazanciyan retweeted
𝓙𝓪𝓶𝓲𝓮 𝓛𝓮𝓿𝔂 💻 Aug 8
Some trivia: Did you know that Cygwin had a driver to expose memory on XP/2003 systems that mapped it as /dev/mem back around 2007-9ish? They discontinued sometime after Vista came out. I taught at Queens College using “sampling” with Cygwin and back then
Ryan Kazanciyan retweeted
Barack Obama Jun 8
“Low plastic stool, cheap but delicious noodles, cold Hanoi beer.” This is how I’ll remember Tony. He taught us about food — but more importantly, about its ability to bring us together. To make us a little less afraid of the unknown. We’ll miss him.
Ryan Kazanciyan retweeted
Scott Hanselman Apr 18
Replying to @shanselman
THIS IS NOT INTUITIVE. I WANT TO BE SECURE BUT YOU WON'T LET ME BE GREAT YOU RIDICULOUS BUNCH OF SECURITY WONKS
Ryan Kazanciyan retweeted
John Lambert Apr 8
If you think VirusTotal is mostly a malware repository, this presentation by will blow you away. The slides are finally public. 1⃣ article: 2⃣ Slides: 3⃣ Thread:
Ryan Kazanciyan retweeted
dave hull Mar 24
I need to check this out, sounds like fun.
Ryan Kazanciyan retweeted
Thomas H. Ptacek Mar 23
Replying to @tqbf
When we did Microcorruption, hardcore gamedevs dominated the leaderboard. Comparable skill requirements between low level security and serious gamedev. The industry they work in is one of the most abusive in all of tech.
Ryan Kazanciyan retweeted
Eva Mar 22
“No state actor would be this stupid.” Oh, let me sing you the song of my people. Nation states don’t always bring their A game, and the logs are littered with the traces of dumb things they’ve done.
Ryan Kazanciyan Mar 21
Replying to @williballenthin
hah! Oslo?
Ryan Kazanciyan retweeted
Howard Oakley Mar 19
macOS Unified log: 1 why, what and how
Ryan Kazanciyan retweeted
David Longenecker Mar 15
For a few months and I have been questioning each other about obscure event IDs and use cases. Out spilled a new Windows Advanced Logging Cheat Sheet, to supplement his excellent original Windows Logging Cheat Sheet:
Ryan Kazanciyan retweeted
elastic Mar 15
Relive the excitement of the presentation from the keynote. Watch demonstrate how his team depicts realistic hacks and how played a pivotal role in the story.
Ryan Kazanciyan retweeted
Oliver Smith Mar 15
Part 1 of our article, Signal the ATT&CK, is available now. Read all about building a near real-time detection capability using Signals — based on ’s adversarial tactics, techniques and common knowledge
Ryan Kazanciyan retweeted
Matt Graeber Mar 4
Replying to @_mhastings_ @ryankaz42
And I also finally got around to looking at and 's great "DSCompromised" slides (). Turns out, they were using the DSC Script Resource before it was cool. 😍
Ryan Kazanciyan Feb 27
Replying to @tim_roes @elastic
Thank you so much!
Ryan Kazanciyan Feb 27
Replying to @taosecurity @elastic
It was used to deploy patches to the Unix-based power management systems in the opening shots of episode 2
Ryan Kazanciyan retweeted
elastic Feb 27
Remember when we fought the Dark Army with ? dives into how the magic happened, live at ! (But catch up at )
Ryan Kazanciyan Feb 27
Thrilled to share the keynote stage at to present a behind-the-hacks look at , and how we wove and other tech (including Tanium!) into the show.
Ryan Kazanciyan retweeted
John Lambert Feb 15
What if you could run a benign on your network and understand and visualize propagation? is doing just that for a client and publishing the results (with permission). Fascinating. Link to blog post here:
Ryan Kazanciyan retweeted
Paul Rascagnères Feb 13
I updated our post. The malware has the capability to generate new binaries with the stolen credentials (by patching the PE). The list in the screenshot comes from previous executions and was not created by the developers themselves
Ryan Kazanciyan retweeted
Keith Feb 12
This is a long thread, but a (rare) thread worth reading. Each of these Tweets could, and should, be an essay on some aspect of product design and development: features, quality, pace, scale, vision, among others . . . And if you hate threads, fret not: