SolarWinds hack: What you need to know and what you should be doing about it

Our ISSA March event featured the SolarWinds hack. Shayne Champion reviewed the most current research into the attack: its timeline, scope, and methods. He discussed the supply chain repercussions this has for our environments. The presentation included the Indicators of Compromise (IOCs) everyone should be looking for, as well as several open-source tools you could be using to help defend your environment.

View the Recorded Presentation on YouTube

https://youtu.be/VzBE529QCog

Bio: Shayne Champion is the CISO for MediSked, LLC as well as a community leader who actively serves as a mentor, trainer, and advocate. He serves on several Boards of Directors (including the Chattanooga ISSA, 2017 & 2019 Chapter of the Year), has provided training at national conferences, has been published internationally, and has served as an examiner for Tennessee’s state-level agency for the National Baldrige Awards and as a mentor for SANS.


  • General Overviews

      • https://www.medisked.com/blog/solarwinds-sunburst-malware-attack-what-you-need-to-know/

      • https://medium.com/cloud-security/solarwinds-hack-retrospective-part-1-8107671e3314

      • https://medium.com/cloud-security/solarwinds-hack-retrospective-322f03b4eb9b

      • https://blog.adolus.com/blog/three-things-the-solarwinds-supply-chain-attack-can-teach-us

  • Technical Overviews

      • https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/

      • https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/

      • https://blog.reversinglabs.com/blog/sunburst-the-next-level-of-stealth

      • https://owasp.org/www-chapter-singapore/assets/presos/Deconstructing_the_Solarwinds_Supply_Chain_Attack_and_Deterring_it_Honing_in_on_the_Golden_SAML_Attack_Technique.pdf

  • Golden SAML

      • https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

      • https://us-cert.cisa.gov/ncas/alerts/aa20-352a

      • https://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html

      • https://www.wired.com/story/solarwinds-hacker-methods-copycats/

  • Congressional Hearing

      • https://www.cnn.com/2021/02/26/politics/solarwinds123-password-intern/index.html

  • OWASP

      • https://owasp.org/www-project-top-ten/

      • https://sucuri.net/guides/owasp-top-10-security-vulnerabilities-2020/

      • https://cheatsheetseries.owasp.org/
