Ryan Petrich

@rpetrich

Former CTO @ Capsule8, Jailbreak tweak developer, reverse engineering enthusiast

NYC
Joined February 2009

Tweets

  1. Retweeted

    In the latest issue of , "Lamboozling Attackers: A New Generation of Deception," & discuss how software engineering teams can bamboozle attackers for fun & profit while deepening system resilience. Read more here:

  2. Retweeted
    Jan 26

    P.S. send any decision trees you create with Deciduous that you’re willing to share so and I (and the growing Deciduous community) can see all the cool things you’re doing with it

  3. Retweeted
    Jan 26

    Deciduous 2.0 is here! ✨🔥🥵 You can now import YAML GitHub gists — which also generates a unique URL for your decision tree, allowing you to share them with your colleagues, friends, and lovers. Try it out: Release notes:

  4. Retweeted
    10 Dec 2021

    The log4j vuln is yet another example of why people need to stop using C and rewrite things securely in a memory safe language. I can’t believe we’re still having to say this!

  5. 23 Nov 2021

    It’s kind of amazing that the mathy differential fault attack parts have been automated to “ran his script, and all the keys popped out”

  6. Retweeted

    Lokitty, god of mischief and chaos, and Mobius from the TVA () know all about dangerous variants… …hence our new paper in on using variants of production environments to exploit attacker brains for fun & profit (aka “Lamboozling”):

    A picture of Ryan Petrich and Kelly Shortridge. Kelly is dressed in costume as a Loki-kitty variant, also known as “Lokitty”, and Ryan is dressed as Agent Mobius. They are holding a tablet that reads “Lamboozling Attackers: A New Generation of Deception”, a recent paper they published in ACM Queue.
  7. Retweeted

    Ecstatic to share my newest piece via ! Lamboozling Attackers: A New Generation of Deception & I wrote about how software eng teams can exploit attackers’ brains by building deception environments 🧠☠️ Read it & share your thinky w/ us

  8. 26 Oct 2021

    I solemnly swear that this code is up to no good 🧙

    Source code with comment that reads "The stack pointer is just made up, but we have it be something sensible so the kernel doesn't think we're up to no good. Which we are."
  9. Retweeted

    is there a more glorious feel than a passion project reaching its well-earned conclusion? I am bursting with pride and can barely bottle my hype, so glittering and effervescent (I am aware this is obnoxiously vague, but all shall be revealed soon…)

  10. Retweeted

    ICYMI, Your Prince of Chaos was quoted on the front page of ’s special cybersecurity edition. I love talking about brains in the infosec game and love that wrote about it, because it’s a facet of infosec that’s too often overlooked.

    A photograph of WSJ’s special issue on Cybersecurity
    A photograph of the article “the Biggest Cybersecurity Risk: Our Brains” in the WSJ
  11. Retweeted

    A recent episode of Rick & Morty includes a game theoretic scenario showing an exquisite example of belief prompting. Naturally, I was inspired to model this "Thanksploitation" conflict as a decision tree using the Deciduous app, as shown in my new post:

  12. 14 Jul 2021

    Since building decision trees is such an effective tool for threat modeling systems, & I built an app to automate much of the process. Engineers, please try it out at . I hope it makes evaluating the security properties of your systems easier 🔒

  13. Retweeted

    I'm super excited to release Deciduous, a web app for generating security decision trees with minimal effort 🌴✨ I've been asked "what's the best tool for creating attack trees?" for years & now, with huge help from , there's finally an answer:

  14. 17 Jun 2021

    Cloud service providers have effective tools for isolating every resource except for their customers' wallets

  15. Retweeted

    Introducing Patrolaroid, a malware scanner for AWS instances that doesn't yeet around your prod. & I made it OSS so ppl don't have to deploy sketchy security tools in prod just for basic coverage of malware, miners, toolkits, backdoors, etc.

  16. 3 Jun 2021

    I built an open source malware scanner for EC2 with . It takes and scans snapshots instead of running on the instances themselves, so it’s much safer than many other security tools. We’re calling it Patrolaroid. Please try it out

  17. Retweeted
    1 Apr 2021

    What if we had access to additional shift keys, allowing us to argue on the internet with letters that are EVEN MORE uppercase? An exhaustive case analysis in my latest weirdo video: “Uppestcase and Lowestcase Letters [advances in derp learning]”

  18. Retweeted
    31 Mar 2021

    to hell with intermediate representation bytecode. i’m ready for advanced representation bytecode; maybe expert

  19. Retweeted

    I wish "competent" wasn't considered a non-compliment by some (they seem to think it means doing the minimum?). Competence, in reality, is incredibly scarce. There is little I respect more than ruthless competence -- efficient execution with a relentless focus on outcomes 🥵

  20. 20 Feb 2021

    It freaks me out a little how aggressive the naming of gdb’s “kill inferiors” command is
