Daniel's thoughts on infosec
While the hotel bar and the restaurants right around it present an easy opportunity to fill up, I feel like I owe it to provide some recommendations of where I think some of the best places to hang out around the hotel are.
Some of these recommendtions work best for Shmoocon in March vs Shmoocon in the cold of January.
Azure flow logs don't have the same instance ID that AWS flow logs do. So how do you figure out which VM the logs came from?
Disclaimer I currently work at Snowflake and use the product on a daily basis for log analysis and threat detection. At the time of this writing, that probably adds bias to my article.
Responding to Tavis Ormandy's comments on SMS 2FA
I think an important question that Tavis either explicitly or accidentally omitted is “for whom”. I am not sure why he did not include this as it’s a critical component to his argument. If Tavis is stating that “SMS 2FA is ineffective for an enterprise”, then I would agree. The threat model that he is operating from is that an organization is being explicitly targeted by a motivated (though not necessarily extremely capable) attacker, who only needs minimal access…
A random collection of thoughts on cybersecurity.