Ryan Thompson

Ryan Thompson is currently working as a Senior Intrusion Researcher at CrowdStrike. His primary functions include conducting post-mortem analysis on hands-on intrusions and researching attacker techniques and trends. Previously, Ryan worked as an Instructor at Elastic, teaching the Air Force, Navy, and Army to conduct threat hunting using open-source tools such as Kibana, Suricata, and Zeek. Before that, he was a Senior Security Analyst at Alert Logic, providing weekly recommendations to clients using packet analysis, IDS alerts, and log-based investigations. He currently holds several SANS certs and is a TA for SANS FOR508 (GCFA).

Watching Kittens at Play: Dissecting an Iranian Nation State Interactive Intrusion
Ryan Thompson

State-nexus threat actors are often perceived as mythological creatures that can infiltrate a system with a snap of their fingers and operate without a trace. While threat actors should not be underestimated, they work within the same constraints that operating systems place on all users. Through a retrospective look at a PIONEER KITTEN intrusion, attendees will gain insight into how nation state-nexus actors operate in the wild and how to unearth adversarial tradecraft in their own environment.

In the Weeds
Track 1 (UC Conference Rm A)