Threat Hunt Deep Dives Ep. 3 - SolarWinds' Supply-Chain Compromise (Solorigate / SUNBURST Backdoor)
Welcome to Threat Hunt Deep Dives, Episode 3! Today we are looking at the recent SolarWinds' Supply-Chain Compromise and the associated SUNBURST Backdoor (aka Solorigate). Join us as we put this threat under the microscope.
Cyborg Security is changing the Threat Hunting game, check us out at:
https://www.cyborgsecurity.com/
https://twitter.com/cyb0rgsecur1ty
https://www.linkedin.com/company/cyborg-security/
Cyborg Security blogpost on SolarWinds Supply Chain Compromise and SUNBURST Backdoor (IOCs here!):
https://www.cyborgsecurity.com/cyborg_labs/threat-hunt-deep-dives-solarwinds-supply-chain-compromise-solorigate-sunburst-backdoor/
FireEye blogpost on the SolarWinds Supply Chain Compromise and SUNBURST Backdoor:
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
FireEye SUNBURST Countermeasures Repo:
https://github.com/fireeye/sunburst_countermeasures
DHS Emergency Directive on the SolarWinds Supply Chain Compromise:
https://cyber.dhs.gov/ed/21-01/
FireEye blogpost on initial breach:
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html
FireEye Red Team Tool Countermeasures:
https://github.com/fireeye/red_team_tool_countermeasures
The Guardian Article on Treasury Hacked by Foreign Actors:
https://www.theguardian.com/technology/2020/dec/13/us-treasury-hacked-group-backed-by-foreign-government-report
Washington Post Article on Treasury and Commerce Compromised by Russian Government Hackers:
https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html
MEGA Backup of trojanized "SolarWinds-Core-v2019.4.5220-Hotfix5.msp" infected.zip (password is infected):
https://mega.nz/file/cLp1xCRZ#kDsjGcZKx2L8MWTLMW0E6meV6IwaSoJDeLgH_tne3YY
Decompiled SUNBURST Backdoor from Shadow0ps:
https://github.com/Shadow0ps/solorigate_sample_source
0:00 Intro
2:50 Background
10:07 Overview
18:48 Remediation
25:31 Hunting & Detection
32:15 SUNBURST Details
36:11 Reverse Engineering
Video "Threat Hunt Deep Dives Ep. 3 - SolarWinds' Supply-Chain Compromise (Solorigate / SUNBURST Backdoor)" from the Cyborg Security channel