bpmcdevitt/brendan.mcdevitt.tech
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

solarwinds post captured

Browse source
This commit is contained in:
Brendan McDevitt 2020-12-18 01:43:15 -05:00
parent d1043e01c8
commit 01b3db6dec
4 changed files with 120 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
_config.yml
View file

@ -33,6 +33,8 @@ collections:
output: true output: true
photos: photos:
output: true output: true
security:
output: true
# Exclude from processing. # Exclude from processing.
# The following items will not be processed, by default. Create a custom list # The following items will not be processed, by default. Create a custom list
@ -44,4 +46,4 @@ collections:
# - vendor/bundle/ # - vendor/bundle/
# - vendor/cache/ # - vendor/cache/
# - vendor/gems/ # - vendor/gems/
# - vendor/ruby/ # - vendor/ruby/

6
_layouts/security.html Normal file
View file

@ -0,0 +1,6 @@
---
layout: default
---
<div id="security">
{{ content }}
</div>

37
_security/2020-12-17-thoughts-on-solarwinds.markdown Normal file
View file

@ -0,0 +1,37 @@
---
layout: security
title: "Thoughts on SolarWinds hack"
0ate: 2020-12-17
categories: security
---
# My thoughts on the SolarWinds hack
## A worst case scenario
What if a threat actor was able to compromise a software program that gave
operators insight into the systems that live on a network? A network map if you will as well as host up/down checking abilities. Oh, and a centralized storage place for credentials?
What if the government (and a whole bunch of other companies with sensitive information) ran this software across alot of its infrastructure?
Well that software was SolarWinds, and it has been owned. A nation-state level attack believed to be from Russian hacking group [APT29/CozyBear](https://en.wikipedia.org/wiki/Cozy_Bear) are believed to be behind the hack. They
have compromised many of the internal government networks and work is ongoing to
investigate the damage of companies and government agencies alike.
As I am fairly fresh into a new security research position at [Kenna Security](https://www.kennasecurity.com/)
I want to begin this with a realization that targeted hacking has been going on for years. Me being a civilian, I have limited insight into the true nature of the intelligence operations that are constantly occurring across both the civilian/corporate internet and militarized networks. But I still do understand that this is something that is constantly occurring and one of the prime motivators for me to start learning about this space. I wanted to understand how the world works, and who controls the computers that control everything.
Information control is everything in the world today, and the United States
intelligence agencies have developed the systems to capture and collect
a whole bunch of data. This will always be a target to foreign nation-states. Systems will need
to be rebuilt from scratch and systems needs to start being forensically imaged/copied and analyzed by
incident response teams and really really skilled hackers and programmers to try to
rebuild things in a much more secure manner and track the nation state hackers
footprints.
I will be doing my best to start to better track down threat actors around the
internet. Everybody in this space that is responsbile for securing
infrastructure needs to always have a paranoid mindset and understand the
realization of the world that we are in today. SolarWinds will not be the first
example of this as we the future continue to unfold.
### Source list:
- [FireEye Advisory](https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html)
- [DHS Emergency Directive](https://cyber.dhs.gov/ed/21-01/)
- [CISA Alert AA20-352A](https://us-cert.cisa.gov/ncas/alerts/aa20-352a)

74
css/screen.css
View file

@ -112,6 +112,22 @@ ul.programming {
font-size: 80%; font-size: 80%;
} }
# security
ul.security {
list-style-type: none;
margin-bottom: 2em;
}
ul.security li {
line-height: 1.75em;
}
ul.security span {
color: #aaa;
font-family: Monaco, "Courier New", monospace;
font-size: 80%;
}
/*****************************************************************************/ /*****************************************************************************/
/* /*
/* Site /* Site
@ -298,4 +314,62 @@ ul.programming {
#related h2 { #related h2 {
margin-bottom: 1em; margin-bottom: 1em;
} }
/*****************************************************************************/
/*
/* Security
/*
/*****************************************************************************/
#security {
}
/* standard */
#security pre {
border: 1px solid #ddd;
background-color: #eef;
padding: 0 .4em;
}
#security ul,
#security ol {
margin-left: 1.35em;
}
#security code {
border: 1px solid #ddd;
background-color: #eef;
font-size: 85%;
padding: 0 .2em;
}
#security pre code {
border: none;
}
#security img {
max-width: 42em;
padding: 1em 0;
}
/* terminal */
#security pre.terminal {
border: 1px solid black;
background-color: #333;
color: white;
}
#security pre.terminal code {
background-color: #333;
}
#related {
margin-top: 2em;
}
#related h2 {
margin-bottom: 1em;
}
/