Ryan Petrich

@rpetrich

Former CTO @ Capsule8, Jailbreak tweak developer, reverse engineering enthusiast

NYC
Joined February 2009

Tweets


  1. Retweeted
    Jan 26

    In the latest issue of , "Lamboozling Attackers: A New Generation of Deception," & discuss how software engineering teams can bamboozle attackers for fun & profit while deepening system resilience. Read more here:

  2. Retweeted
    Jan 26

    P.S. send any decision trees you create with Deciduous that you’re willing to share so and I (and the growing Deciduous community) can see all the cool things you’re doing with it

  3. Retweeted
    Jan 26

    Deciduous 2.0 is here! ✨🔥🥵 You can now import YAML GitHub gists — which also generates a unique URL for your decision tree, allowing you to share them with your colleagues, friends, and lovers. Try it out: Release notes:

  4. Retweeted
    Dec 10, 2021

    The log4j vuln is yet another example of why people need to stop using C and rewrite things securely in a memory safe language. I can’t believe we’re still having to say this!

  5. Nov 23, 2021

    It’s kind of amazing that the mathy differential fault attack parts have been automated to “ran his script, and all the keys popped out”

  6. Retweeted
    Nov 2, 2021

    Lokitty, god of mischief and chaos, and Mobius from the TVA () know all about dangerous variants… …hence our new paper in on using variants of production environments to exploit attacker brains for fun & profit (aka “Lamboozling”):

    A picture of Ryan Petrich and Kelly Shortridge. Kelly is dressed in costume as a Loki-kitty variant, also known as “Lokitty”, and Ryan is dressed as Agent Mobius. They are holding a tablet that reads “Lamboozling Attackers: A New Generation of Deception”, a recent paper they published in ACM Queue.
  7. Retweeted
    Oct 29, 2021

    Ecstatic to share my newest piece via ! Lamboozling Attackers: A New Generation of Deception & I wrote about how software eng teams can exploit attackers’ brains by building deception environments 🧠☠️ Read it & share your thinky w/ us

  8. Oct 26, 2021

    I solemnly swear that this code is up to no good 🧙

    Source code with comment that reads "The stack pointer is just made up, but we have it be something sensible so the kernel doesn't think we're up to no good. Which we are."
  9. Retweeted
    Oct 14, 2021

    is there a more glorious feel than a passion project reaching its well-earned conclusion? I am bursting with pride and can barely bottle my hype, so glittering and effervescent (I am aware this is obnoxiously vague, but all shall be revealed soon…)

  10. Retweeted
    Oct 6, 2021

    ICYMI, Your Prince of Chaos was quoted on the front page of ’s special cybersecurity edition. I love talking about brains in the infosec game and love that wrote about it, because it’s a facet of infosec that’s too often overlooked.

    A photograph of WSJ’s special issue on Cybersecurity
    A photograph of the article “the Biggest Cybersecurity Risk: Our Brains” in the WSJ
  11. Retweeted
    Aug 9, 2021

    A recent episode of Rick & Morty includes a game theoretic scenario showing an exquisite example of belief prompting. Naturally, I was inspired to model this "Thanksploitation" conflict as a decision tree using the Deciduous app, as shown in my new post:

  12. July 14, 2021

    Since building decision trees is such an effective tool for threat modeling systems, & I built an app to automate much of the process. Engineers, please try it out at . I hope it makes evaluating the security properties of your systems easier 🔒

  13. Retweeted
    July 12, 2021

    I'm super excited to release Deciduous, a web app for generating security decision trees with minimal effort 🌴✨ I've been asked "what's the best tool for creating attack trees?" for years & now, with huge help from , there's finally an answer:

  14. June 17, 2021

    Cloud service providers have effective tools for isolating every resource except for their customers' wallets

  15. Retweeted
    June 2, 2021

    Introducing Patrolaroid, a malware scanner for AWS instances that doesn't yeet around your prod. & I made it OSS so ppl don't have to deploy sketchy security tools in prod just for basic coverage of malware, miners, toolkits, backdoors, etc.

  16. June 3, 2021

    I built an open source malware scanner for EC2 with . It takes and scans snapshots instead of running on the instances themselves, so it’s much safer than many other security tools. We’re calling it Patrolaroid. Please try it out

  17. Retweeted
    Apr 1, 2021

    What if we had access to additional shift keys, allowing us to argue on the internet with letters that are EVEN MORE uppercase? An exhaustive case analysis in my latest weirdo video: “Uppestcase and Lowestcase Letters [advances in derp learning]”

  18. Retweeted
    Mar 31, 2021

    to hell with intermediate representation bytecode. i’m ready for advanced representation bytecode; maybe expert

  19. Retweeted
    Mar 9, 2021

    I wish "competent" wasn't considered a non-compliment by some (they seem to think it means doing the minimum?). Competence, in reality, is incredibly scarce. There is little I respect more than ruthless competence -- efficient execution with a relentless focus on outcomes 🥵

  20. Feb 20, 2021

    It freaks me out a little how aggressive the naming of gdb’s “kill inferiors” command is
