diff --git a/_config.yml b/_config.yml
index 12c2c42..39b5368 100644
--- a/_config.yml
+++ b/_config.yml
@@ -33,6 +33,8 @@ collections:
output: true
photos:
output: true
+ security:
+ output: true
# Exclude from processing.
# The following items will not be processed, by default. Create a custom list
@@ -44,4 +46,4 @@ collections:
# - vendor/bundle/
# - vendor/cache/
# - vendor/gems/
-# - vendor/ruby/
\ No newline at end of file
+# - vendor/ruby/
diff --git a/_layouts/security.html b/_layouts/security.html
new file mode 100644
index 0000000..7f2b4ea
--- /dev/null
+++ b/_layouts/security.html
@@ -0,0 +1,6 @@
+---
+layout: default
+---
+
+{{ content }}
+
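Review bot: the layout body is only `{{ content }}`, with no wrapper element carrying `id="security"`, so the `#security pre`, `#security code` and `#security img` rules added to css/screen.css in this same patch will not match anything rendered through this layout unless the default layout supplies that id. Either wrap the content here, for example `<div id="security">{{ content }}</div>`, or point to where the id is expected to come from.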
diff --git a/_security/2020-12-17-thoughts-on-solarwinds.markdown b/_security/2020-12-17-thoughts-on-solarwinds.markdown
new file mode 100644
index 0000000..3fd1709
--- /dev/null
+++ b/_security/2020-12-17-thoughts-on-solarwinds.markdown
@@ -0,0 +1,37 @@
+---
+layout: security
+title: "Thoughts on SolarWinds hack"
+0ate: 2020-12-17
+categories: security
+---
+# My thoughts on the SolarWinds hack
+## A worst case scenario
+What if a threat actor was able to compromise a software program that gave
+operators insight into the systems that live on a network? A network map if you will as well as host up/down checking abilities. Oh, and a centralized storage place for credentials?
+What if the government (and a whole bunch of other companies with sensitive information) ran this software across alot of its infrastructure?
+
+Well that software was SolarWinds, and it has been owned. A nation-state level attack believed to be from Russian hacking group [APT29/CozyBear](https://en.wikipedia.org/wiki/Cozy_Bear) are believed to be behind the hack. They
+have compromised many of the internal government networks and work is ongoing to
+investigate the damage of companies and government agencies alike.
+
+As I am fairly fresh into a new security research position at [Kenna Security](https://www.kennasecurity.com/)
+I want to begin this with a realization that targeted hacking has been going on for years. Me being a civilian, I have limited insight into the true nature of the intelligence operations that are constantly occurring across both the civilian/corporate internet and militarized networks. But I still do understand that this is something that is constantly occurring and one of the prime motivators for me to start learning about this space. I wanted to understand how the world works, and who controls the computers that control everything.
+
+Information control is everything in the world today, and the United States
+intelligence agencies have developed the systems to capture and collect
+a whole bunch of data. This will always be a target to foreign nation-states. Systems will need
+to be rebuilt from scratch and systems needs to start being forensically imaged/copied and analyzed by
+incident response teams and really really skilled hackers and programmers to try to
+rebuild things in a much more secure manner and track the nation state hackers
+footprints.
+
+I will be doing my best to start to better track down threat actors around the
+internet. Everybody in this space that is responsbile for securing
+infrastructure needs to always have a paranoid mindset and understand the
+realization of the world that we are in today. SolarWinds will not be the first
+example of this as we the future continue to unfold.
+
+### Source list:
+- [FireEye Advisory](https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html)
+- [DHS Emergency Directive](https://cyber.dhs.gov/ed/21-01/)
+- [CISA Alert AA20-352A](https://us-cert.cisa.gov/ncas/alerts/aa20-352a)
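Review bot: in the front matter, `0ate: 2020-12-17` looks like a typo for `date: 2020-12-17`; as written the post has no `date` key in its front matter. While in this file, a few prose slips are worth fixing before publishing: "alot", "responsbile", the doubled "believed ... are believed to be behind the hack" in the APT29 sentence, "systems needs", and "as we the future continue to unfold". Please also check whether "SolarWinds will not be the first example" was meant to read "last".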
diff --git a/css/screen.css b/css/screen.css
index 67488f8..80f3a80 100644
--- a/css/screen.css
+++ b/css/screen.css
@@ -112,6 +112,22 @@ ul.programming {
font-size: 80%;
}
+# security
+ul.security {
+ list-style-type: none;
+ margin-bottom: 2em;
+}
+
+ ul.security li {
+ line-height: 1.75em;
+ }
+
+ ul.security span {
+ color: #aaa;
+ font-family: Monaco, "Courier New", monospace;
+ font-size: 80%;
+ }
+
/*****************************************************************************/
/*
/* Site
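Review bot: `# security` on the first added line is not a CSS comment. The parser treats it as the start of the selector for the rule that follows, so `ul.security { list-style-type: none; margin-bottom: 2em; }` is discarded as an invalid rule and the list keeps its default bullets and margin. Use `/* security */`, matching the `/* ... */` banner style visible in the context lines of this hunk.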
@@ -298,4 +314,62 @@ ul.programming {
#related h2 {
margin-bottom: 1em;
}
+/*****************************************************************************/
+/*
+/* Security
+/*
+/*****************************************************************************/
+#security {
+
+}
+
+ /* standard */
+
+ #security pre {
+ border: 1px solid #ddd;
+ background-color: #eef;
+ padding: 0 .4em;
+ }
+
+ #security ul,
+ #security ol {
+ margin-left: 1.35em;
+ }
+
+ #security code {
+ border: 1px solid #ddd;
+ background-color: #eef;
+ font-size: 85%;
+ padding: 0 .2em;
+ }
+
+ #security pre code {
+ border: none;
+ }
+
+ #security img {
+ max-width: 42em;
+ padding: 1em 0;
+ }
+
+ /* terminal */
+
+ #security pre.terminal {
+ border: 1px solid black;
+ background-color: #333;
+ color: white;
+ }
+
+ #security pre.terminal code {
+ background-color: #333;
+ }
+
+#related {
+ margin-top: 2em;
+}
+
+ #related h2 {
+ margin-bottom: 1em;
+}
+/
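Review bot: the hunk ends with a lone `+/`, which leaves a stray `/` as the last line of the stylesheet; it looks like the start of a truncated comment banner and should be removed or completed. The added `#related` and `#related h2` rules at the bottom repeat the `#related h2 { margin-bottom: 1em; }` rule shown in the context lines at the top of the hunk, so they can be dropped, and the empty `#security { }` rule has no effect and can go as well.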