solarwinds post captured
This commit is contained in:
parent
d1043e01c8
commit
01b3db6dec
4 changed files with 120 additions and 1 deletions
|
@ -33,6 +33,8 @@ collections:
|
|||
output: true
|
||||
photos:
|
||||
output: true
|
||||
security:
|
||||
output: true
|
||||
|
||||
# Exclude from processing.
|
||||
# The following items will not be processed, by default. Create a custom list
|
||||
|
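Review bot: the new `security:` collection only sets `output: true`; without a `permalink:` entry alongside it (as the `photos:` collection above also lacks), the rendered pages will use Jekyll's default collection URL scheme rather than the dated path the post filename suggests. Consider adding a `permalink:` under `security:` so the URL of `_security/2020-12-17-thoughts-on-solarwinds.markdown` is explicit.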
@ -44,4 +46,4 @@ collections:
|
|||
# - vendor/bundle/
|
||||
# - vendor/cache/
|
||||
# - vendor/gems/
|
||||
# - vendor/ruby/
|
||||
# - vendor/ruby/
|
||||
|
|
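Review bot: this hunk replaces `# - vendor/ruby/` with an identical-looking `# - vendor/ruby/` (the hunk header `-44,4 +46,4` shows no net line change), so the only difference is invisible, most likely trailing whitespace or the newline at end of file. Worth confirming that was intended and not an editor side effect, so the diff does not carry a no-op change.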
6
_layouts/security.html
Normal file
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
layout: default
|
||||
---
|
||||
<div id="security">
|
||||
{{ content }}
|
||||
</div>
|
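Review bot: the layout emits only `{{ content }}` inside `<div id="security">`, so the `title:` and `date:` from the post's front matter never appear on the rendered page. If entries in this collection are meant to read like dated posts, add a heading from `{{ page.title }}` and the date (`{{ page.date | date: "%Y-%m-%d" }}`) here, or document that each post is expected to carry its own `#` heading as this first one does.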
37
_security/2020-12-17-thoughts-on-solarwinds.markdown
Normal file
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
layout: security
|
||||
title: "Thoughts on SolarWinds hack"
|
||||
0ate: 2020-12-17
|
||||
categories: security
|
||||
---
|
||||
# My thoughts on the SolarWinds hack
|
||||
## A worst case scenario
|
||||
What if a threat actor was able to compromise a software program that gave
|
||||
operators insight into the systems that live on a network? A network map if you will as well as host up/down checking abilities. Oh, and a centralized storage place for credentials?
|
||||
What if the government (and a whole bunch of other companies with sensitive information) ran this software across alot of its infrastructure?
|
||||
|
||||
Well that software was SolarWinds, and it has been owned. A nation-state level attack believed to be from Russian hacking group [APT29/CozyBear](https://en.wikipedia.org/wiki/Cozy_Bear) are believed to be behind the hack. They
|
||||
have compromised many of the internal government networks and work is ongoing to
|
||||
investigate the damage of companies and government agencies alike.
|
||||
|
||||
As I am fairly fresh into a new security research position at [Kenna Security](https://www.kennasecurity.com/)
|
||||
I want to begin this with a realization that targeted hacking has been going on for years. Me being a civilian, I have limited insight into the true nature of the intelligence operations that are constantly occurring across both the civilian/corporate internet and militarized networks. But I still do understand that this is something that is constantly occurring and one of the prime motivators for me to start learning about this space. I wanted to understand how the world works, and who controls the computers that control everything.
|
||||
|
||||
Information control is everything in the world today, and the United States
|
||||
intelligence agencies have developed the systems to capture and collect
|
||||
a whole bunch of data. This will always be a target to foreign nation-states. Systems will need
|
||||
to be rebuilt from scratch and systems needs to start being forensically imaged/copied and analyzed by
|
||||
incident response teams and really really skilled hackers and programmers to try to
|
||||
rebuild things in a much more secure manner and track the nation state hackers
|
||||
footprints.
|
||||
|
||||
I will be doing my best to start to better track down threat actors around the
|
||||
internet. Everybody in this space that is responsbile for securing
|
||||
infrastructure needs to always have a paranoid mindset and understand the
|
||||
realization of the world that we are in today. SolarWinds will not be the first
|
||||
example of this as we the future continue to unfold.
|
||||
|
||||
### Source list:
|
||||
- [FireEye Advisory](https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html)
|
||||
- [DHS Emergency Directive](https://cyber.dhs.gov/ed/21-01/)
|
||||
- [CISA Alert AA20-352A](https://us-cert.cisa.gov/ncas/alerts/aa20-352a)
|
|
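Review bot: the front-matter key `0ate: 2020-12-17` is a typo for `date:`; Jekyll will treat `0ate` as an unknown field and the post's date will not come from the front matter, so fix the key before merging. The body also has several spelling and grammar slips worth a pass: "alot" (a lot), "responsbile" (responsible), "as we the future continue to unfold", and "A nation-state level attack believed to be from ... are believed to be behind the hack" says "believed" twice.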
@ -112,6 +112,22 @@ ul.programming {
|
|||
font-size: 80%;
|
||||
}
|
||||
|
||||
# security
|
||||
ul.security {
|
||||
list-style-type: none;
|
||||
margin-bottom: 2em;
|
||||
}
|
||||
|
||||
ul.security li {
|
||||
line-height: 1.75em;
|
||||
}
|
||||
|
||||
ul.security span {
|
||||
color: #aaa;
|
||||
font-family: Monaco, "Courier New", monospace;
|
||||
font-size: 80%;
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
/*
|
||||
/* Site
|
||||
|
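Review bot: `# security` is not a comment in CSS (or SCSS); the file's own convention for section labels is the `/* ... */` block form used just below it (`/* Site`), so this line should be `/* security */` to avoid emitting an invalid token into the stylesheet.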
@ -298,4 +314,62 @@ ul.programming {
|
|||
#related h2 {
|
||||
margin-bottom: 1em;
|
||||
}
|
||||
/*****************************************************************************/
|
||||
/*
|
||||
/* Security
|
||||
/*
|
||||
/*****************************************************************************/
|
||||
|
||||
#security {
|
||||
|
||||
}
|
||||
|
||||
/* standard */
|
||||
|
||||
#security pre {
|
||||
border: 1px solid #ddd;
|
||||
background-color: #eef;
|
||||
padding: 0 .4em;
|
||||
}
|
||||
|
||||
#security ul,
|
||||
#security ol {
|
||||
margin-left: 1.35em;
|
||||
}
|
||||
|
||||
#security code {
|
||||
border: 1px solid #ddd;
|
||||
background-color: #eef;
|
||||
font-size: 85%;
|
||||
padding: 0 .2em;
|
||||
}
|
||||
|
||||
#security pre code {
|
||||
border: none;
|
||||
}
|
||||
|
||||
#security img {
|
||||
max-width: 42em;
|
||||
padding: 1em 0;
|
||||
}
|
||||
|
||||
/* terminal */
|
||||
|
||||
#security pre.terminal {
|
||||
border: 1px solid black;
|
||||
background-color: #333;
|
||||
color: white;
|
||||
}
|
||||
|
||||
#security pre.terminal code {
|
||||
background-color: #333;
|
||||
}
|
||||
|
||||
#related {
|
||||
margin-top: 2em;
|
||||
}
|
||||
|
||||
#related h2 {
|
||||
margin-bottom: 1em;
|
||||
}
|
||||
/
|
||||
|
|
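Review bot: the `#related { margin-top: 2em; }` and `#related h2 { margin-bottom: 1em; }` rules added at the end of this hunk duplicate the existing `#related h2` rule visible in the hunk's leading context, so they should be dropped; the empty `#security { }` rule adds nothing and can go too, and the lone `/` on the last added line looks like a truncated `/****/` divider rather than valid CSS.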