The SolarWinds Orion SUNBURST Attack Timeline and What We Know Now.

Science and Technology

Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystems.com/hire-us/
+ Tom Twitter 🐦 TomLawrenceTech
+ Our Web Site www.lawrencesystems.com/
+ Our Forums forums.lawrencesystems.com/
+ Instagram lawrencesystems
+ Facebook Lawrencesystems/
+ GitHub github.com/lawrencesystems/
+ Discord discord.gg/ZwTz3Mh
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video/swag
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com/shop/lawrencesystemspcpickup
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystems.com/partners-we-love/
Gear we use on Kit
🛒 kit.co/lawrencesystems
Use OfferCode LTSERVICES to get 5% off your order at
🛒 lawrence.video/techsupplydirect
Digital Ocean Offer Code
🛒 m.do.co/c/85de8d181725
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?via=lawrencesystems
Protect your privacy with a VPN from Private Internet Access
🛒 www.privateinternetaccess.com/pages/buy-vpn/LRNSYS
Patreon
💰 www.patreon.com/lawrencesystems

Comments: 43

  • @LAWRENCESYSTEMS, 3 years ago

    Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop: www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
    SUNSPOT: An Implant in the Build Process: www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
    Senate Hearings: www.intelligence.senate.gov/hearings/open-hearing-hearing-hack-us-networks-foreign-adversary
    WATCH: Senate committee hears testimony on SolarWinds hack: kzread.info/dash/bejne/e4Sj3LqgfdSzkco.html
    60 Minutes SolarWinds "Experts warn U.S. needs new cyber strategy": kzread.info/dash/bejne/c56Mj7mnepqbc5M.html
    Trustwave & SpiderLabs Blog on other Vulnerabilities Found: www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/

  • @rxseqvartz5679, 3 years ago

    Thanks for providing the resources!

  • @galen__, 3 years ago

    So many talented people here on both sides: the side figuring out how to do these attacks and the side piecing all the clues together to figure out how it could have happened.

  • @ScottPlude, 3 years ago

    Now searching for the "teaching sand to think....." shirt!

  • @LAWRENCESYSTEMS, 3 years ago

    That is a Level1 Tech shirt: store.level1techs.com/

  • @sstubbby, 3 years ago

    Tom, you are badass! I moved from UniFi to an NG5100 and am never turning back! Thanks for opening my eyes.

  • @ArandomNutter, 2 years ago

    Thanks for the video; I have found this information to be really helpful. Hope you are well, mate, and keep up the good work.

  • @donh8833, 3 years ago

    Excellent summary as usual.

  • @kerenelazari2313, 2 years ago

    Really enjoyed this video and shared it with my students. Thanks!

  • @LAWRENCESYSTEMS, 2 years ago

    Awesome! Thank you!

  • @buf0rd, 3 years ago

    Video much appreciated. Glad you pointed out how some media was viewing this VERY wrong. The goals were not destruction.

  • @LAWRENCESYSTEMS, 3 years ago

    I just did a video on having no pfSense peers: kzread.info/dash/bejne/n4x7krSMmLTIkdo.html

  • @BillyDickson, 3 years ago

    As always, informative and entertaining, thanks Tom. Ohh, loving the T-shirt. :-)

  • @LAWRENCESYSTEMS, 3 years ago

    Awesome, thank you!

  • @gmiranda01, 3 years ago

    Thanks for your summary!

  • @stormchaser419, 8 months ago

    FYI: 10,000 hours of investigation experience. Coincidentally, this is the number of hours quoted by researchers who say that this many hours of study in a specific field is needed to be considered an expert.

  • @100pixe, 3 years ago

    Hey, the SolarWinds CEO will be talking here: @t, along with Bikash Barai from FireCompass on 25th June. You can ask him directly.

  • @bitanchowdhury4028, 1 year ago

    Let's consider the expertise and capabilities of the US to uncover this sophisticated attack.... The flip side of the coin is, if they can uncover this type of attack, surely they can do this kind of attack on others.

  • @stormchaser419, 8 months ago

    Go into pentesting. There will always be a great need by organizations to have individuals who test a company's defenses against threat actors. This requires cooperation by so many people involved: software engineers, software developers, network engineers, cybersecurity specialists, etc.

  • @notsure7874, 2 years ago

    I've got a great idea. Let's install an agent on all of our infrastructure with root access that phones home to a third party for remote control. What could possibly go wrong?!?!

  • @pavelbaidurov228, 3 years ago

    I'm from Russia, from a city where the Geekbrains company operates. PROBABLY the Kremlin used them because SolarWinds used Geekbrains products. Press F for Geekbrains and for the rest of the Russian developers; I told them to relocate to the EU in 2016, but they were over-optimistic.

  • @Frosty_357, 3 years ago

    The most important question: who did this and what did they get?

  • @russnemet1158, 3 years ago

    Great info, thx. Any updates, especially on SPIRAL, the Chinese hacker group? Maltronix has a video but speaks fast; having trouble following.

  • @Jupiterxice, 3 years ago

    All this was infiltration of the network, and they just got compromised in their recon. The APT goal is to get in and remain undetected in the network.

  • @briccimn, 3 years ago

    Occam's razor: cherchez la femme. The code was put in by a (sex-)paid person with an old-time USB key. :-D

  • @raddastronaut, 8 months ago

    The important thing to look at is the source code that was targeted. They need to go back and look at former N-Able devs from before SolarWinds bought the software. They need to investigate the devs and get those original devs to look over the code on the build server. Edit: oh, you got the .dlls. That is really what the victimized companies should have.

  • @owlmostdead9492, 3 years ago

    That's what happens if a lot of companies use a black box in their ecosystem. Not everything benefits from being open source, but this? 100%.

  • @DIonOkdie-pf6wk, 1 year ago

    H.S.I. RULES!!!

  • @DIonOkdie-pf6wk, 1 year ago

    BATMAN 👑

  • @yourcomfortzone365, 1 year ago

    Batman

  • @justethical280, 3 years ago

    Well, the more people work on this, the sooner it leaks, so I do not think it would be 1000 people.....

  • @philsbbs, 3 years ago

    10:47: is there a full version of this speech online? If so, where, please.... Keep the videos flowing....

  • @LAWRENCESYSTEMS, 3 years ago

    That's from the Senate hearings; links are posted in the pinned comment.

  • @philsbbs, 3 years ago

    @LAWRENCESYSTEMS thanks.

  • @CautionCU, 3 years ago

    The most similar thing to this in the past is Stuxnet. Therefore, the most likely conclusion is that this was a multinational APT.

  • @btno222, 3 years ago

    So Orion and FireEye/SUNBURST is like a focal point; a central point of failure?

  • @notathome13, 3 years ago

    Sorry Kevin (FireEye): 10,000 hours (quoted) by 100 staff is 125 days at an 8-hour working day. It really feels like they stumbled onto or got lucky with this compromise, and it was not because of good security monitoring.

  • @zakariafarah1101, 1 year ago

    10,000 hrs is about 400 days; divided by 100 engineers, that is just over 4 days. Remember the engineers are working concurrently if not continuously. If there were no 100 engineers working 24/7, then you could say it took them about a week to uncover the plot, which is remarkable considering the malware was lurking in many systems for almost a year. Their monitoring system already alerted that there was a compromise, but that does not mean the system knows how or where the compromise was.

  • @btno222, 3 years ago

    Why is it hard to track a server IP? Unless I don't know the power of masking IPs. nmap maybe? Isn't it a firewall internal ICMP red flag? I'm thinking an inside job!