We often hear about ways to make your deployments glorious and your pipelines poop rainbows, but where is the folklore of how to make your deploys suffer?
So, and I crafted this thoroughly cursed compendium of 69 ways to fuck up your deploys:
Ryan Petrich
@rpetrich
Former CTO @ Capsule8, Jailbreak tweak developer, reverse engineering enthusiast
Ryan Petrich’s Tweets
~* new updates to Deciduous from and me deciduous.app *~
* download as PNG (not just svg)
* download as YAML (not just .dot)
* theme picker
* drag and drop into the text editor
* import option for local files
we love when you share feedback and ur graphs <3
At 2022, and I presented “Lamboozling Attackers” on how you can leverage deception environments to exploit attacker brains (i.e. their learning & decision-making).
Slides are now online here and they are An Experience: swagitda.com/speaking/Lambo
This past weekend, I finally became a believer in DevSecOps. My new blog post explains my recent revelation and its source: the groundbreaking remote admin-aaS startup HarpoCrates.
Read on to see their pitch deck:
In the latest issue of , "Lamboozling Attackers: A New Generation of Deception," & discuss how software engineering teams can bamboozle attackers for fun & profit while deepening system resilience.
Read more here: bit.ly/3fYUewc
P.S. send any decision trees you create with Deciduous that you’re willing to share so and I (and the growing Deciduous community) can see all the cool things you’re doing with it
Deciduous 2.0 is here! ✨🔥🥵
You can now import YAML GitHub gists — which also generates a unique URL for your decision tree, allowing you to share them with your colleagues, friends, and lovers.
Try it out: deciduous.app
Release notes: github.com/rpetrich/decid
The log4j vuln is yet another example of why people need to stop using C and rewrite things securely in a memory safe language. I can’t believe we’re still having to say this!
It’s kind of amazing that the mathy differential fault attack parts have been automated to “ran his script, and all the keys popped out”
Lokitty, god of mischief and chaos, and Mobius from the TVA () know all about dangerous variants…
…hence our new paper in on using variants of production environments to exploit attacker brains for fun & profit (aka “Lamboozling”): queue.acm.org/detail.cfm?id=
Ecstatic to share my newest piece via ! Lamboozling Attackers: A New Generation of Deception queue.acm.org/detail.cfm?id=
& I wrote about how software eng teams can exploit attackers’ brains by building deception environments 🧠☠️
Read it & share your thinky w/ us
I solemnly swear that this code is up to no good 🧙
is there a more glorious feel than a passion project reaching its well-earned conclusion? I am bursting with pride and can barely bottle my hype, so glittering and effervescent
(I am aware this is obnoxiously vague, but all shall be revealed soon…)
ICYMI, Your Prince of Chaos was quoted on the front page of ’s special cybersecurity edition.
I love talking about brains in the infosec game and love that wrote about it, because it’s a facet of infosec that’s too often overlooked. wsj.com/articles/how-h
A recent episode of Rick & Morty includes a game theoretic scenario showing an exquisite example of belief prompting.
Naturally, I was inspired to model this "Thanksploitation" conflict as a decision tree using the Deciduous app, as shown in my new post: swagitda.com/blog/posts/ric
Since building decision trees is such an effective tool for threat modeling systems, & I built an app to automate much of the process.
Engineers, please try it out at swagitda.com/deciduous/. I hope it makes evaluating the security properties of your systems easier 🔒
I'm super excited to release Deciduous, a web app for generating security decision trees with minimal effort 🌴✨
I've been asked "what's the best tool for creating attack trees?" for years & now, with huge help from , there's finally an answer: swagitda.com/blog/posts/dec
Cloud service providers have effective tools for isolating every resource except for their customers' wallets
Introducing Patrolaroid, a malware scanner for AWS instances that doesn't yeet around your prod.
& I made it OSS so ppl don't have to deploy sketchy security tools in prod just for basic coverage of malware, miners, toolkits, backdoors, etc.
I built an open source malware scanner for EC2 with . It takes and scans snapshots instead of running on the instances themselves, so it’s much safer than many other security tools.
We’re calling it Patrolaroid. Please try it out
What if we had access to additional shift keys, allowing us to argue on the internet with letters that are EVEN MORE uppercase? An exhaustive case analysis in my latest weirdo video: “Uppestcase and Lowestcase Letters [advances in derp learning]”
to hell with intermediate representation bytecode. i’m ready for advanced representation bytecode; maybe expert
I wish "competent" wasn't considered a non-compliment by some (they seem to think it means doing the minimum?).
Competence, in reality, is incredibly scarce. There is little I respect more than ruthless competence -- efficient execution with a relentless focus on outcomes 🥵
It freaks me out a little how aggressive the naming of gdb’s “kill inferiors” command is
<watching The Two Towers>
“Wraiths on Wings”? Is that like Ruby on Rails?
Cydia just joined the legal battle against Apple: "A new lawsuit brought by one of Apple's oldest foes seeks to force the iPhone maker to allow alternatives to the App Store, the latest in a growing number of cases that aim to curb the tech giant's power."
The Security Chaos Engineering report I co-wrote w/ is now downloadable (for free!) via !
It’s replete with principles, sample experiments, & case studies to guide your own SCE journey, whether you're dev, ops, infosec, or SRE:
100% for the fallen.
100% open source.
100% community driven.
100% respect.
100% family.
Check it out, join, fight back!
Quote Tweet
CODING FOR JUSTICE
Join 400+ developers & engineers around the
to fight systemic racism.
Visit saytheirnames.io to find out how YOU can help. #saytheirnames #fightforjustice #blacklivesmatter
Treadmill now supports iOS 13 and arm64e devices. How far have you scrolled?
close up of the triforce for another chance at a call to action:
donate to so and I can match your donation (up to $2,000 total!)
show your receipts in this thread & spread the unity 🖤
today’s makeup inspo: the triforce from LoZ, a symbol of unity
which is why & I are joining forces to match a total of $2,000 in donations to today
show us your receipt in this thread & spread the justice 🖤 secure.everyaction.com/4omQDAR0oUiUag
Discovered some new low power states hidden deep in iOS. Grab Powercuff from my Cydia repository to try them out
For any Siri Shortcuts fans out there, the latest Activator beta can now launch any of your device's configured shortcuts.
"I'm showing a Hilbert curve as another example of how to fill a two-dimensional surface with a one-dimensional line. No writing system I know of uses Hilbert curves, but it would be cool." via #virtualbangbangcon
New updates for Activator, WiCarrier and Icon Renamer are out. Working on an update for MailMend to fix some attachments not showing. Thanks all who reported bugs
And yes, I'm aware of another patch that's out there. It's somewhat incomplete and I've contacted the author with details on how to fix
Decided to release an aftermarket patch for the MobileMail/maild vulnerability now that I'm back doing jailbreak projects: rpetrich.com/cydia/mailmend/
ZecOps has details on the vuln itself:
Shipped some iOS 13 and A12/A13 updates to my beta repo. Thanks all who reported bugs and a special shout-out to for contributing the Dark Mode switch