Alex Chantavy

@alexchantavy

Security@Lyft; one of the devs on

Seattle, WA
github.com/achantavy
Vrijeme pridruživanja: svibanj 2014.
7 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @alexchantavy

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @alexchantavy

  1. 31. sij

    Is it important to you for an open-source project to include a container in its Github? If so, why? Do they help reduce friction in deploying it at work, or is it more about being able to play with a demo?

    1 reply
    Poništi
  2. 30. sij

    Saw this on HN and I think it expresses what we're trying to do with our error handling approach (or lack thereof😅) in Cartography: Let it crash: - Code for the happy path - Don't catch exceptions you can't handle properly - Software should fail noisily

    1 reply 1 proslijeđeni tweet
    Poništi
  3. 23. sij

    There's lots of tech we could use to do this (a hacky Makefile? Apache Airflow?), and we'd also need to research and test if Neo4j's IO can handle what we throw at it. Anyway, just sharing some thoughts on what we're thinking about on Cartography's roadmap.

    3 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  4. 23. sij

    Our sync could look like a directed-acyclic graph of dependencies. E.g. we need to load S3 buckets before we load S3 ACLs, but neither are needed to load GCP instances, so an AWS sync could run in parallel with a GCP sync to make things more speedy and reliable.

    1 reply 2 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  5. 23. sij

    One of Cartography's challenges is managing data dependencies. We sync data from many sources, and this happens in a serialized way: e.g. an AWS API can fail and crash the whole sync so we won't get GCP data. This is not ideal, and we need to pick a better long term approach.

    5 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  6. 21. sij

    Does the AWS resourcegroupstagging API return data for all assets and all tags (even if they aren't in a resource group)? Context: - I'd like to ingest all tagged AWS assets in Cartography with one boto3 API call.

    2 korisnika označavaju da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    20. sij

    Lots of inspiration from studying the projects released by and to determine what exposures can exist in .

    66 proslijeđenih tweetova 193 korisnika označavaju da im se sviđa
    Poništi
  8. proslijedio/la je Tweet
    20. sij

    Just blogged: "Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography" - How to leverage Cartography to detect, identify, categorize, and visualize all the assets being deployed in your estate

    20 proslijeđenih tweetova 59 korisnika označava da im se sviđa
    Poništi
  9. 27. pro 2019.

    Just merged in my guide on how to write your own Cartography intel modules - - look forward to seeing your contributions🙌

    1 reply 4 proslijeđena tweeta 11 korisnika označava da im se sviđa
    Poništi
  10. 25. stu 2019.

    Video recording of me showing off Cartography is up! Thanks again to --

    3 proslijeđena tweeta 11 korisnika označava da im se sviđa
    Poništi
  11. 13. stu 2019.

    Me showing off at ✌️

    We're live! It's never too late to tune in to our Virtual Conference Shift AppSec and get in on all the action: Zoom: Facebook Live:
    1 reply 3 korisnika označavaju da im se sviđa
    Poništi
  12. 13. lip 2019.

    I'm pretty proud of this. Also added an analysis job to tag instances as open to the internet via firewall rules:

    Alright, GCP VPC, Instance, Ip Rules, Subnet, Range, AccessConfig ... are now in Cartography. Next step is enrichment job to tag internet exposed instances. Big push and team.
    Prikaži ovu nit
    1 reply 2 proslijeđena tweeta 4 korisnika označavaju da im se sviđa
    Poništi
  13. 23. tra 2019.

    > What if an Ethereum owner stored their digital money with a private key [...] that had a value of 1? RIP lmao

    It may be cool to hate big banks, but this is why big banks:
    1 korisnik označava da mu se sviđa
    Poništi
  14. proslijedio/la je Tweet
    17. kol 2018.

    Going from Red Team to Blue Team must be terrible. “I found a virtual appliance with the default password! I rule!” “I found a virtual appliance with the default password! Now I have to fix it myself! But there’s no audit logs to show what services are hooking into the API!”

    28 replies 204 proslijeđena tweeta 1.190 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  15. proslijedio/la je Tweet
    17. kol 2018.

    Blog Post: Arbitrary, Unsigned Code Execution Vector in Microsoft.Workflow.Compiler.exe Bypasses all forms of whitelisting, circumvents Win 10S, and is unlikely to ever be used in your environment, hence, it should be trivial to detect.

    11 replies 419 proslijeđenih tweetova 652 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. proslijedio/la je Tweet
    13. kol 2018.

    Ever wonder what process is using your microphone? I just wrote short entry on how to do this with WNF from a kernel-mode driver. . cc

    105 proslijeđenih tweetova 219 korisnika označava da im se sviđa
    Poništi
  17. proslijedio/la je Tweet
    24. srp 2018.

    Y’all knew it was just a matter of time : ) PowerShell is definitely a "gateway drug" to C# - GhostPack is a collection of new security tools (currently C#) details at , code live at

    29 replies 424 proslijeđena tweeta 737 korisnika označava da im se sviđa
    Poništi
  18. proslijedio/la je Tweet
    19. srp 2018.

    Bad news for CyberSecurity AI-based products.

    7 USC §§3803(b) & 3806 make it a federal crime to operate a garbage-cooking facility without a permit, knowing your cooked garbage will be fed to pigs.
    7 replies 22 proslijeđena tweeta 73 korisnika označavaju da im se sviđa
    Poništi
  19. 18. sij 2018.

    aww yee

    Poništi
  20. proslijedio/la je Tweet
    15. stu 2017.

    r_fast_r_furious is an npm module which quickly validates whether a movie is part of the Fast & Furious saga

    31 proslijeđeni tweet 51 korisnik označava da mu se sviđa
    Poništi

@alexchantavy još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·