Ryan "Chaps" Chapman
@rj_chap
DFIR & malware analyst. @sansforensics FOR528 Author & FOR610 Instructor. @CactusCon crew. Husband & father. Comments = own.
It's that time folks!! Our @sansforensics #Ransomware and #CyberExtortion poster is officially out! Want to learn more about how to prevent, detect, and hunt for ransomware actors? Grab the poster! #RansomwareSucks #for528
NEW | @SANSInstitute #DFIR Poster by @4enzikat0r & @rj_chap #Ransomware & #CyberExtortion poster provides an overview of the ransomware business ecosystem & with key points related to each of the major phases of a typical extortion attack Download now! sans.org/u/1uCq
We covered Scattered Spider in our June episode of Stay Ahead of Ransomware. John Wood from Unit 42 and I went off, so I wanted to take some strong notes for this month's blog article. Hope this helps some folks!
🕷️ #ScatteredSpider is targeting #SSO, #cloud, and your help desk with tactics that go far beyond #Ransomware. @rj_chap breaks down why this group is different and more dangerous. Read the blog → sans.org/u/1Ca0 #Cybersecurity #ThreatIntel #IncidentResponse
In this new Threat Assessment, Unit 42 discusses how Muddled Libra (#ScatteredSpider, #UNC3944) has enhanced its capabilities in 2025, becoming further-reaching, faster and more impactful. See what could be next for this prolific adversary: bit.ly/3EEsb1l
Starting now! Phil Hagen and @HeatherMahalik welcoming attendees to the 18th annual #DFIRSummit. Still time to join us online!
My collection of Zip disks meant the world to me back in the day. This #badgelife badge looks fantastic! Already ordered one. w00t!
We normally don't post here but... Introducing the #defcon33 DCZia #badgelife badge: The DCZia Zippy Badge! Did you ever want to wear a zipdisk around your neck and have it blink 🚨? Now you can! tindie.com/products/hamst… Shout-outs to the DCZia crew getting this together #defcon
Unplugged for the weekend. He says on X. Obviously not fully unplugged. But you get the idea :).
📣 Starting in 3 Weeks! Join top minds in #DigitalForensics & #IR at the SANS #DFIRSummit in Salt Like City on July 24-25 for: 🎤 Expert talks 💻 DFIR Bytes 🛠️ Hands-on workshops 👥 Unmatched networking 🎓 Earn 12 CPEs ➡️ Explore Agenda: sans.org/u/1zv5
Join us at #DFIRSummit when Tony Knutson walks us through how to think like an examiner — building a mindset that balances forensic accuracy w/ rapid IR decisions. 🗓️ Summit: Jul 24-25 📍 Salt Lake City, UT & Virtual ➡️ Register: sans.org/u/1zv0 #DFIR #IncidentResponse
Hey all! Reminder that I'll be running my @SANSInstitute | @sansforensics FOR528: Ransomware and Cyber Extortion course Live Online following the #DFIRSummit. Class runs July 26-29, '25. 💥 Save $600 w/ code SUMMIT*600 (reg by July 11)! 📷 Register: sans.org/u/1zv0
Would LOVE to see YOU at the @SANSInstitute | @sansforensics DFIR Summit 2025, online (FREE!) or in-person. Details in shared post below. I'll be running FOR528: Ransomware and Cyber Extortion live online following the summit. Discount code below! Come hang with us :).…
Join us TODAY at 1pm ET | 10am PT for this month's Stay Ahead of #Ransomware episode! See RT for details :).
📣 Not all #Ransomware #ThreatActors are created equal. Join hosts @rj_chap & @maridegrazia, & ransomware negotiator Kurtis Minder for a deep dive into threat actor profiling. 🗓️ July 1 | 🕐 1:00 PM ET 🔗 Set your reminder: buff.ly/y85WIFH #DFIR #Cybersecurity
Heck yeah!!
We're excited to announce a major new release of x64dbg! The main new feature is support for bitfields, enums and anonymous types, which allows all types in the Windows SDK to be represented and displayed 🔥
Please join @maridegrazia and me as we discuss threat actor profiling with @kurtisminder of @GroupSenseCyber on TOMORROW's episode of the @SANSInstitute | @sansforensics Stay Ahead of #Ransomware livestream! 📆 July 1 | 1 PM ET Set your reminder: buff.ly/y85WIFH
🔥 Join us live TOMORROW as hosts @rj_chap & @maridegrazia welcome #ransomware negotiator Kurtis Minder, to explore ransomware #ThreatActors through a behavioral lens 🔎 📆 July 1 | 1 PM ET 🔗 Set your reminder: buff.ly/y85WIFH #DFIR #Cybersecurity
Diffing a Microsoft Patch in 2025 x.com/i/broadcasts/1…
My talk at SANS #RansomwareSummit 2025 is officially uploaded now on YT youtu.be/JgiLBSWwrSs?fe…
🎤 Thrilled to have spoken at the SANS #RansomwareSummit 2025! Big thanks to @rj_chap & @maridegrazia for hosting, @MindsEyeCCF for the awesome graphic recording, and all the attendees for being a fantastic audience! Grateful to the @sansforensics team for the opportunity.
Interested in learning how to build a lab VM for malware analysis and reversing? You can download a 40+ page chapter on this topic, taken from my book Evasive Malware. Get the PDF from my blog, here: 🤓 evasivemalware.com/EvasiveMalware… CC @nostarch
You checking for "(cmd|powershell|mshta)\.exe" or similar as child processes to Chrome/browser processes? Get on it!
FileFix - A ClickFix Alternative mrd0x.com/filefix-clickf…
Some great tips on how to break into hacking as a career from @Steph3nSims. Check this out and share with those who could use it. Good luck everyone!
Breaking into a Cyber Security Career in 2025 x.com/i/broadcasts/1…
😈 Want some help getting started learning malware analysis? Check out my Malware Monday's series! Ep 01 introduces you to the venerable Process Monitor using real-world malware. You'll learn how to collect and analyze key host-based activity. youtube.com/live/b5_PUMmpw… Find…
🎉New DFIR Discussions Episode🎉 🔊Available on Spotify, Apple, & YouTube! 🎙️ We dive into our latest public report with Randy Pargman, Jake Ouellette, Kostas T., and Mangatas Tondang. Check it out and let us know what you think! open.spotify.com/episode/1SKPWF…