From 01b3db6dec27f2ba56157aad72618410de0279df Mon Sep 17 00:00:00 2001 From: Brendan McDevitt Date: Fri, 18 Dec 2020 01:43:15 -0500 Subject: [PATCH] solarwinds post captured --- _config.yml | 4 +- _layouts/security.html | 6 ++ ...2020-12-17-thoughts-on-solarwinds.markdown | 37 ++++++++++ css/screen.css | 74 +++++++++++++++++++ 4 files changed, 120 insertions(+), 1 deletion(-) create mode 100644 _layouts/security.html create mode 100644 _security/2020-12-17-thoughts-on-solarwinds.markdown diff --git a/_config.yml b/_config.yml index 12c2c42..39b5368 100644 --- a/_config.yml +++ b/_config.yml @@ -33,6 +33,8 @@ collections: output: true photos: output: true + security: + output: true # Exclude from processing. # The following items will not be processed, by default. Create a custom list @@ -44,4 +46,4 @@ collections: # - vendor/bundle/ # - vendor/cache/ # - vendor/gems/ -# - vendor/ruby/ \ No newline at end of file +# - vendor/ruby/ diff --git a/_layouts/security.html b/_layouts/security.html new file mode 100644 index 0000000..7f2b4ea --- /dev/null +++ b/_layouts/security.html @@ -0,0 +1,6 @@ +--- +layout: default +--- +
+{{ content }} +
diff --git a/_security/2020-12-17-thoughts-on-solarwinds.markdown b/_security/2020-12-17-thoughts-on-solarwinds.markdown new file mode 100644 index 0000000..3fd1709 --- /dev/null +++ b/_security/2020-12-17-thoughts-on-solarwinds.markdown 
@@ -0,0 +1,37 @@ +--- +layout: security +title: "Thoughts on SolarWinds hack" +0ate: 2020-12-17 +categories: security +--- +# My thoughts on the SolarWinds hack +## A worst case scenario +What if a threat actor was able to compromise a software program that gave +operators insight into the systems that live on a network? A network map if you will as well as host up/down checking abilities. Oh, and a centralized storage place for credentials? +What if the government (and a whole bunch of other companies with sensitive information) ran this software across alot of its infrastructure? + +Well that software was SolarWinds, and it has been owned. A nation-state level attack believed to be from Russian hacking group [APT29/CozyBear](https://en.wikipedia.org/wiki/Cozy_Bear) are believed to be behind the hack. They +have compromised many of the internal government networks and work is ongoing to +investigate the damage of companies and government agencies alike. + +As I am fairly fresh into a new security research position at [Kenna Security](https://www.kennasecurity.com/) +I want to begin this with a realization that targeted hacking has been going on for years. Me being a civilian, I have limited insight into the true nature of the intelligence operations that are constantly occurring across both the civilian/corporate internet and militarized networks. But I still do understand that this is something that is constantly occurring and one of the prime motivators for me to start learning about this space. I wanted to understand how the world works, and who controls the computers that control everything. + +Information control is everything in the world today, and the United States +intelligence agencies have developed the systems to capture and collect +a whole bunch of data. This will always be a target to foreign nation-states. 
Systems will need +to be rebuilt from scratch and systems needs to start being forensically imaged/copied and analyzed by +incident response teams and really really skilled hackers and programmers to try to +rebuild things in a much more secure manner and track the nation state hackers +footprints. + +I will be doing my best to start to better track down threat actors around the +internet. Everybody in this space that is responsbile for securing +infrastructure needs to always have a paranoid mindset and understand the +realization of the world that we are in today. SolarWinds will not be the first +example of this as we the future continue to unfold. + +### Source list: +- [FireEye Advisory](https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html) +- [DHS Emergency Directive](https://cyber.dhs.gov/ed/21-01/) +- [CISA Alert AA20-352A](https://us-cert.cisa.gov/ncas/alerts/aa20-352a) diff --git a/css/screen.css b/css/screen.css index 67488f8..80f3a80 100644 --- a/css/screen.css +++ b/css/screen.css @@ -112,6 +112,22 @@ ul.programming { font-size: 80%; } +# security +ul.security { + list-style-type: none; + margin-bottom: 2em; +} + + ul.security li { + line-height: 1.75em; + } + + ul.security span { + color: #aaa; + font-family: Monaco, "Courier New", monospace; + font-size: 80%; + } + /*****************************************************************************/ /* /* Site 
@@ -298,4 +314,62 @@ ul.programming { #related h2 { margin-bottom: 1em; } +/*****************************************************************************/ +/* +/* Security +/* +/*****************************************************************************/ +#security { + +} + + /* standard */ + + #security pre { + border: 1px solid #ddd; + background-color: #eef; + padding: 0 .4em; + } + + #security ul, + #security ol { + margin-left: 1.35em; + } + + #security code { + border: 1px solid #ddd; + background-color: #eef; + font-size: 85%; + padding: 0 .2em; + } + + #security pre code { + border: none; + } + + #security img { + max-width: 42em; + padding: 1em 0; + } + + /* terminal */ + + #security pre.terminal { + border: 1px solid black; + background-color: #333; + color: white; + } + + #security pre.terminal code { + background-color: #333; + } + +#related { + margin-top: 2em; +} + + #related h2 { + margin-bottom: 1em; +} +/
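Review bot: the front-matter key `0ate: 2020-12-17` in `_security/2020-12-17-thoughts-on-solarwinds.markdown` is a typo for `date:`; Jekyll does not know a `0ate` key, so the document's date will not be taken from the front matter. Change the line to `date: 2020-12-17`. While touching the file, the body has a few spelling and grammar slips worth fixing before publishing: `alot` (a lot), `responsbile` (responsible), `as we the future continue to unfold` (as the future continues to unfold), and `A nation-state level attack believed to be from ... are believed to be behind the hack` doubles up `believed to be`.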
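Review bot: `# security` in the first `css/screen.css` hunk is not a CSS comment; `#` has no comment meaning in CSS, so the parser reads `# security ul.security { ... }` as one malformed rule and discards the whole `ul.security` block that follows. Use the file's existing comment style, e.g. `/* security */`, so the list styling actually applies.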
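Review bot: the second `css/screen.css` hunk ends with a stray `/` on its own line, which leaves the stylesheet syntactically invalid at end of file; drop it. The same hunk also re-declares `#related { margin-top: 2em; }` and `#related h2 { margin-bottom: 1em; }`, which already exist immediately above the insertion point (the hunk's own leading context shows `#related h2 { margin-bottom: 1em; }`), and introduces an empty `#security { }` rule. Remove the duplicated `#related` rules and either give `#security` a declaration or delete the empty block.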