Our ISSA March event featured the SolarWinds hack. Shayne Champion reviewed the most current research into the SolarWinds hack: its timeline, scope, and methods. He discussed the supply chain repercussions this has for our environments. The presentation included the Indicators of Compromise (IOCs) everyone should be looking for, as well as several open-source tools you could be using to help defend your environment.
View the Recorded Presentation on YouTube
Bio
Shayne Champion is the CISO for MediSked, LLC as well as a community leader who actively serves as a mentor, trainer, and advocate. He serves on several Boards of Directors (including the Chattanooga ISSA, 2017 & 2019 Chapter of the Year), has provided training at national conferences, has been published internationally, and has served as an examiner for Tennessee’s state-level agency for the National Baldrige Awards and as a mentor for SANS.
General Overviews
https://www.medisked.com/blog/solarwinds-sunburst-malware-attack-what-you-need-to-know/
https://medium.com/cloud-security/solarwinds-hack-retrospective-part-1-8107671e3314
https://medium.com/cloud-security/solarwinds-hack-retrospective-322f03b4eb9b
https://blog.adolus.com/blog/three-things-the-solarwinds-supply-chain-attack-can-teach-us
Technical Overviews
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
https://blog.reversinglabs.com/blog/sunburst-the-next-level-of-stealth
https://owasp.org/www-chapter-singapore/assets/presos/Deconstructing_the_Solarwinds_Supply_Chain_Attack_and_Deterring_it_Honing_in_on_the_Golden_SAML_Attack_Technique.pdf
Golden SAML
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
https://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html
https://www.wired.com/story/solarwinds-hacker-methods-copycats/
Congressional Hearing
https://www.cnn.com/2021/02/26/politics/solarwinds123-password-intern/index.html
OWASP
https://owasp.org/www-project-top-ten/
https://sucuri.net/guides/owasp-top-10-security-vulnerabilities-2020/
https://cheatsheetseries.owasp.org/