Daniel's thoughts on infosec

Azure Flow Log Analysis

Azure flow logs don't have the same instance ID that AWS flow logs do. So how do you figure out which VM the logs came from?

Daniel Wyleczuk-Stern

7-Minute Read


Disclaimer I currently work at Snowflake and use the product on a daily basis for log analysis and threat detection. At the time of this writing, that probably adds bias to my article.

Regarding SMS 2FA

Responding to Tavis Ormandy's comments on SMS 2FA

Daniel Wyleczuk-Stern

4-Minute Read

Two Factor Authentication

I think an important question that Tavis either explicitly or accidentally omitted is “for whom”. I am not sure why he did not include this as it’s a critical component to his argument. If Tavis is stating that “SMS 2FA is ineffective for an enterprise”, then I would agree. The threat model that he is operating from is that an organization is being explicitly targeted by a motivated (though not necessarily extremely capable) attacker, who only needs minimal access…

Adding to the Dialogue - On the Release of Offensive Security Tools (OST)

After a lot of dialogue recently on the release of Offensive Security Tools, I thought I would add to the dialogue in a more long-form format.

Daniel Wyleczuk-Stern

13-Minute Read

Two Factor Authentication

Update 1 - I’m clarifying the definition of Advanced Persistent Threats (APTs) and Financially Motivated Actors (FMAs). I combined the two groups in the previous version. The content and focus of the discussion primarily centers on FMAs. APTs and FMAs can overlap in terms of TTPs, capabilities, personnel, countries, etc. What distinguishes them is motivation. FMAs, as their name implies, are financially motivated. APTs can have a number of motivations including financial, political, etc.

Recent Posts



A random collection of thoughts on cybersecurity.