Phishing as a Service 2.0: The Franchise Model of Cybercrime
The Golden Arches of Malice When you think of franchising, you probably picture McDonald’s, Starbucks, or Subway — not cybercriminals. But the uncomfortable truth is that modern cybercrime looks a lot less like “lone hacker in a hoodie” and a lot more like fast food chains. Instead of flipping burgers, ... Read More
LLMs in Security Operations: Helpful Sidekick or Hallucinating Intern?
Large language models (LLMs) are everywhere now. Your inbox, your SIEM, maybe even embedded in your security tool’s new “AI assistant” tab. It’s tempting to believe these tools are ready to triage alerts, write detections, and handle analyst fatigue all on their own. They aren’t. Not yet. But that doesn’t ... Read More
Trust Engineering: Building Security People Actually Believe In
Security doesn’t work without trust. You can deploy all the right tools, write high-fidelity detections, and put together a solid incident response plan—but if the engineers roll their eyes every time you file a ticket, or leadership treats your risk assessments like noise, the entire program grinds down. This post ... Read More
The Detection Rebuild, Part 2: Automating Detection Engineering Without Breaking the SOC
Coming off the heels of Part 1, where we focused on fixing the signal problem, Part 2 is all about scale. Because once you’ve cleaned up your alerts and improved your detection quality, the next question is: how do you keep it that way without burning your team out? This ... Read More
The Detection Rebuild, Part 1: Fixing the Signal Problem
How to Stop Drowning in False Positives and Start Surfacing Real Threats Let’s be honest: most security teams aren’t short on alerts—they’re short on good ones. Every SOC eventually hits the same wall: too many alerts, not enough signal, and a growing pile of detection rules no one wants to ... Read More
Tycoon 2FA: How Storm-1747 Built an MFA-Bypassing Phishing Empire
We used to believe MFA was the ultimate line of defense. Then phishing kits like Tycoon 2FA showed up and proved otherwise. Unlike the crude clones of years past, Tycoon 2FA leverages Adversary-in-the-Middle (AiTM) tactics to seamlessly intercept credentials and MFA tokens in real time. It looks polished, behaves like ... Read More
The Real Threat in the Middle: How Mid-Stage Adversaries Are Outsmarting MFA and Scaling Fast
For years, multi-factor authentication (MFA) has been the security world’s favorite answer to “what should we do about phishing?” But attackers don’t wait for the controls to get better—they evolve around them. Enter the mid-stage adversary: a new class of attacker that’s rapidly scaling intrusions with help from phishing-as-a-service (PhaaS) ... Read More
Security Debt Is Worse Than Tech Debt — and Twice as Invisible
Security Debt Is Worse Than Tech Debt — and Twice as Invisible We talk about tech debt like it’s a necessary evil. Move fast, break things, fix it later. Everyone’s cool with that. But security debt? That’s the quiet killer. It creeps in unnoticed, hides in your TODOs, and doesn’t ... Read More
Why AI is Just Another Tool in Our Blue Team Toolbox
You can’t scroll through LinkedIn, attend a security conference, or open a vendor whitepaper these days without hearing that AI is about to replace the SOC. Some companies claim AI can triage alerts, write detections, respond to incidents, and make coffee while you’re still getting through your inbox. Let me ... Read More
How I Got ChatGPT to Write Ransomware (and Why That Actually Matters)
Introduction: The AI Cybersecurity Paradox If you’ve ever tried to ask ChatGPT to help you build ransomware, chances are you got shut down fast. Like, brick-wall fast. That’s because AI models like ChatGPT are built with strong ethical guardrails that are designed to prevent the creation of malware, exploits, and ... Read More
