-
Tycoon 2FA: How Storm-1747 Built an MFA-Bypassing Phishing Empire
We used to believe MFA was the ultimate line of defense. Then phishing kits like Tycoon 2FA showed up and proved otherwise. Unlike the crude clones of years past, Tycoon 2FA leverages Adversary-in-the-Middle (AiTM) tactics to seamlessly intercept credentials and MFA tokens in real time. It looks polished, behaves like the real thing, and operates…
-
The Real Threat in the Middle: How Mid-Stage Adversaries Are Outsmarting MFA and Scaling Fast
For years, multi-factor authentication (MFA) has been the security world’s favorite answer to “what should we do about phishing?” But attackers don’t wait for the controls to get better—they evolve around them. Enter the mid-stage adversary: a new class of attacker that’s rapidly scaling intrusions with help from phishing-as-a-service (PhaaS) platforms and adversary-in-the-middle (AiTM) toolkits.…
-
Security Debt Is Worse Than Tech Debt — and Twice as Invisible
We talk about tech debt like it’s a necessary evil. Move fast, break things, fix it later. Everyone’s cool with that. But security debt? That’s the quiet killer. It creeps in unnoticed, hides in your TODOs, and doesn’t scream until you’ve got ransomware…
-
Why AI is Just Another Tool in Our Blue Team Toolbox
You can’t scroll through LinkedIn, attend a security conference, or open a vendor whitepaper these days without hearing that AI is about to replace the SOC. Some companies claim AI can triage alerts, write detections, respond to incidents, and make coffee while you’re still getting through your inbox. Let me be blunt: That’s not happening.…
-
How I Got ChatGPT to Write Ransomware (and Why That Actually Matters)
Introduction: The AI Cybersecurity Paradox If you’ve ever tried to ask ChatGPT to help you build ransomware, chances are you got shut down fast. Like, brick-wall fast. That’s because AI models like ChatGPT are built with strong ethical guardrails that are designed to prevent the creation of malware, exploits, and anything remotely shady. And that’s…
-
Detection Engineering 101: Using AI to Write One Rule and Convert It Everywhere
Detection engineering is a beautiful, frustrating, and often tedious art. You write a killer detection for one SIEM, pat yourself on the back, and then—bam—your SOC lead tells you it also needs to work in Splunk. And Sentinel. And whatever other logging monstrosity they’re using this week. Now, you have two choices: Welcome to the…
-
Why SOC Automation Usually Fails: Lessons from the Field
Security Operations Centers (SOCs) are always under pressure—too many alerts, not enough analysts, and an ever-growing attack surface. Enter automation, the supposed magic bullet to eliminate manual work, reduce response times, and make security teams more efficient. Except… it rarely works as advertised. Despite the promises of AI-driven SOAR (Security Orchestration, Automation, and Response) and…
-
The Trojan Sysadmin: How I Got an AI to Build a Wolf in Sheep’s Clothing
There’s been endless debate about whether AI can churn out malicious code—or if it’s too principled to cross that line. So, I took Grok 3 for a spin to find out. My goal? Trick it into writing what’s basically ransomware. Spoiler: it was a cakewalk. Objective The experiment explored whether an AI language model (Grok…
-
The Practitioner’s Guide to Kubernetes Security
Kubernetes has changed the way we deploy and manage containerized applications, enabling scalability and automation in ways we never imagined. However, with great power comes great responsibility, which means a whole lot more complexity and security challenges. From misconfigured RBAC to exposed APIs, Kubernetes clusters are a prime target for attackers. Securing a Kubernetes environment…
-
Securing Data in a Privacy-First World: Challenges and Solutions
I’ve decided to change it up a bit and switch to a conversation on protecting sensitive data in your cloud environments. But, it still has a SecOps feel! I’m focusing on AWS in this post, but this should be applied anywhere, no matter the cloud host. This technical guide dives into how organizations can secure…