CatsCrdl

CatsCrdl

Daniel's thoughts on infosec

Regarding SMS 2FA

Responding to Tavis Ormandy's comments on SMS 2FA

Daniel Wyleczuk-Stern

4-Minute Read

Two Factor Authentication

I think an important question that Tavis either explicitly or accidentally omitted is “for whom”. I am not sure why he did not include this as it’s a critical component to his argument. If Tavis is stating that “SMS 2FA is ineffective for an enterprise”, then I would agree. The threat model that he is operating from is that an organization is being explicitly targeted by a motivated (though not necessarily extremely capable) attacker, who only needs minimal access…

Adding to the Dialogue - On the Release of Offensive Security Tools (OST)

After a lot of dialogue recently on the release of Offensive Security Tools, I thought I would add to the dialogue in a more long-form format.

Daniel Wyleczuk-Stern

13-Minute Read

Two Factor Authentication

Update 1 - I’m clarifying the definition of Advanced Persistent Threats (APTs) and Financially Motivated Actors (FMAs). I combined the two groups in the previous version. The content and focus of the discussion primarily centers on FMAs. APTs and FMAs can overlap in terms of TTPs, capabilities, personnel, countries, etc. What distinguishes them is motivation. FMAs, as their name implies, are financially motivated. APTs can have a number of motivations including financial, political, etc.

Getting Started with Praetorian’s ATT&CK™ Automation

We've had a couple of people reach out about how to get started with our automation. This is part one of a multipart series where we'll cover how to get started with our automation. In this post, I show how to get the automation installed, a payload up and running, and executing a basic module.

Daniel Wyleczuk-Stern

1-Minute Read

Recent Posts

Categories

About

A random collection of thoughts on cybersecurity.