Activity
-
I am excited to share the addition of two outstanding industry leaders to the Discover Financial Services Technology Leadership Team. Sunil Seshadri…
Liked by Ryan Wisniewski
-
The Obsidian Security Research Team has identified a concerning attack vector, Shadow Linking, enabling threat actors to take over and maintain…
Liked by Ryan Wisniewski
-
Exciting Opportunity for CISOs, VPs, CIOs, CTOs! Join us on July 17th at the Hilton Nashville Downtown for an exclusive workshop designed to elevate…
Liked by Ryan Wisniewski
Volunteer Experience
-
Information Security Engineer
THOTCON
- Present 5 years 10 months
Social Services
THOTCON Cyber Security Awareness Action Day 2018
On Cyber Security Action Day, Saturday, October 13, THOTCON is mobilizing over 150 cyber security experts to visit CPL locations around the city. They will provide anyone who visits with them assistance on three important areas of cyber security: passwords, patching (updates) and privacy settings.
https://www.chipublib.org/blogs/post/guest-blog-cyber-security-take-action-saturday-october-13/ -
Public Speaker
Security Bsides
- Present 6 years
Science and Technology
Publications
-
Behind the Breach: Cross-tenant Impersonation in Okta
Obsidian Security
This blog post by the Obsidian Threat Research team highlights the significant risk posed by cross-tenant impersonation within Okta environments, which allows attackers to gain access to and impersonate legitimate users, potentially compromising sensitive data. The technique involves gaining privileged access to Okta Admin Console, setting up a new SAML or OpenID Connect Identity Provider (IdP), and establishing account matching. Attackers configure routing rules and alter sign-on policies to bypass Multi-Factor Authentication (MFA) and log in as the user without credentials or MFA. The post provides guidance on detecting and responding to this technique within an organization's SaaS environment, including log events to monitor and alert setup recommendations. It emphasizes the importance of a timely response to minimize the impact of such attacks.
-
Behind The Breach: Social Engineering of Helpdesk Agents
Obsidian Security
The blog from the Obsidian Threat Research team discusses an increasing trend in SaaS compromises initiated through social engineering of helpdesk agents. Attackers typically impersonate key IT personnel, requesting password resets and MFA deactivation. Once successful, they execute malicious activities, including data theft and ransomware attacks. The post outlines the attack's phases, details the logs associated with the attack, and provides measures for detection and mitigation. It recommends crafting specific queries and filtering options to identify suspicious activities and underlines the importance of identity verification as a preventive measure against these social engineering attacks.
-
Distributed alerting with the Elastic Stack
Elastic
The blog discusses the challenges modern computing environments and distributed workforces pose to traditional information security strategies, especially in the context of cloud computing, remote work, and flexible technology usage. It highlights the difficulty of securing environments that allow high-risk activities without IT involvement and the need for scalable detection and response practices. The solution proposed is distributed alerting, which empowers Threat Detection and Response teams to confirm or escalate potentially risky activities. Good candidates for distributed alerts are activities presenting high security risks with no clear context of malicious intent, such as the registration of new Multi-Factor Authentication devices. The blog also outlines their threat detection strategy, which categorizes events into logs, signals, and alerts, and explains how they distribute alerts using their Elastic Stack and Tines no-code automation platform. This approach aims to validate administrative activities and other events at an enterprise scale without relying on a traditional Security Operations Center (SOC).
-
Ask Mr. Catalog
IBM
- What is new in z/OS V2R1 for DFSMS Catalog
- Best practices for managing your catalogs
-
How To Manage Your Catalogs
IBM
Many errors you see regarding your Catalogs may seem catastrophic to your systems. However, many can be resolved with simple commands. This article provides a brief summary of each error and resolution.
Organizations
-
GIAC Advisory Board
Board Member
- Present
More activity by Ryan
-
📣 Red Teamers 📣 If you come across a cloud based IdP in your assessments, please make sure all of these techniques are in your arsenal. We…
Shared by Ryan Wisniewski
-
My first talk finally landed on YouTube from SpecterOps So-Con24, looking forward to doing it again on a new topic (but can’t bring myself to watch…
Liked by Ryan Wisniewski
-
The US Department of Health and Human Services (HHS) has issued a warning to healthcare organizations about an increase in help desk social…
Liked by Ryan Wisniewski
-
Workshop 1 - kicking off at the Australian Information Security Association (AISA) #sydneysec
Liked by Ryan Wisniewski