Threat Hunt Deep Dives Ep. 3 - SolarWinds' Supply-Chain Compromise (Solorigate / SUNBURST Backdoor)
Welcome to Threat Hunt Deep Dives, Episode 3! Today we are looking at the recent SolarWinds' Supply-Chain Compromise and the associated SUNBURST Backdoor (aka Solorigate). Join us as we put this threat under the microscope.
Cyborg Security is changing the Threat Hunting game, check us out at:
https://www.cyborgsecurity.com/
https://twitter.com/cyb0rgsecur1ty
https://www.linkedin.com/company/cyborg-security/
Cyborg Security blogpost on SolarWinds Supply Chain Compromise and SUNBURST Backdoor (IOCs here!):
https://www.cyborgsecurity.com/cyborg_labs/threat-hunt-deep-dives-solarwinds-supply-chain-compromise-solorigate-sunburst-backdoor/
FireEye blogpost on the SolarWinds Supply Chain Compromise and SUNBURST Backdoor:
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
FireEye SUNBURST Countermeasures Repo:
https://github.com/fireeye/sunburst_countermeasures
DHS Emergency Directive on the SolarWinds Supply Chain Compromise:
https://cyber.dhs.gov/ed/21-01/
FireEye blogpost on initial breach:
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html
FireEye Red Team Tool Countermeasures:
https://github.com/fireeye/red_team_tool_countermeasures
The Guardian Article on Treasury Hacked by Foreign Actors:
https://www.theguardian.com/technology/2020/dec/13/us-treasury-hacked-group-backed-by-foreign-government-report
Washington Post Article on Treasury and Commerce Compromised by Russian Government Hackers:
https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html
MEGA Backup of trojanized "SolarWinds-Core-v2019.4.5220-Hotfix5.msp" infected.zip (password is infected):
https://mega.nz/file/cLp1xCRZ#kDsjGcZKx2L8MWTLMW0E6meV6IwaSoJDeLgH_tne3YY
Decompiled SUNBURST Backdoor from Shadow0ps:
https://github.com/Shadow0ps/solorigate_sample_source
0:00 Intro
2:50 Background
10:07 Overview
18:48 Remediation
25:31 Hunting & Detection
32:15 SUNBURST Details
36:11 Reverse Engineering
Видео Threat Hunt Deep Dives Ep. 3 - SolarWinds' Supply-Chain Compromise (Solorigate / SUNBURST Backdoor) канала Cyborg Security
Cyborg Security is changing the Threat Hunting game, check us out at:
https://www.cyborgsecurity.com/
https://twitter.com/cyb0rgsecur1ty
https://www.linkedin.com/company/cyborg-security/
Cyborg Security blogpost on SolarWinds Supply Chain Compromise and SUNBURST Backdoor (IOCs here!):
https://www.cyborgsecurity.com/cyborg_labs/threat-hunt-deep-dives-solarwinds-supply-chain-compromise-solorigate-sunburst-backdoor/
FireEye blogpost on the SolarWinds Supply Chain Compromise and SUNBURST Backdoor:
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
FireEye SUNBURST Countermeasures Repo:
https://github.com/fireeye/sunburst_countermeasures
DHS Emergency Directive on the SolarWinds Supply Chain Compromise:
https://cyber.dhs.gov/ed/21-01/
FireEye blogpost on initial breach:
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html
FireEye Red Team Tool Countermeasures:
https://github.com/fireeye/red_team_tool_countermeasures
The Guardian Article on Treasury Hacked by Foreign Actors:
https://www.theguardian.com/technology/2020/dec/13/us-treasury-hacked-group-backed-by-foreign-government-report
Washington Post Article on Treasury and Commerce Compromised by Russian Government Hackers:
https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html
MEGA Backup of trojanized "SolarWinds-Core-v2019.4.5220-Hotfix5.msp" infected.zip (password is infected):
https://mega.nz/file/cLp1xCRZ#kDsjGcZKx2L8MWTLMW0E6meV6IwaSoJDeLgH_tne3YY
Decompiled SUNBURST Backdoor from Shadow0ps:
https://github.com/Shadow0ps/solorigate_sample_source
0:00 Intro
2:50 Background
10:07 Overview
18:48 Remediation
25:31 Hunting & Detection
32:15 SUNBURST Details
36:11 Reverse Engineering
Видео Threat Hunt Deep Dives Ep. 3 - SolarWinds' Supply-Chain Compromise (Solorigate / SUNBURST Backdoor) канала Cyborg Security
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Threat Hunt Deep Dives Ep. 4 - Apache Struts RCE (CVE-2020-17530)
Finding SolarWinds / SUNBURST backdoors with Zeek, Suricata, & Corelight
Threat Hunting via Sysmon - SANS Blue Team Summit
Essential Elements of Effective Threat Hunting
Hunting Webshells on Microsoft Exchange Server - SANS Threat Hunting Summit 2017
A former NSA hacker breaks down the FireEye hack
#HITBGSEC 2017 CommSec D1 - Threat Hunting 101: Become The Hunter - Hamza Beghal
SUNBURST SolarWinds Malware - Tools, Tactics and Methods to get you started with Reverse Engineering
Validating Your Detections with Red Canary's Atomic Red Team & Cyborg's Cyber Threat Emulation
Taking Hunting to the Next Level: Hunting in Memory - SANS Threat Hunting Summit 2017
SANS Emergency Webcast: What you need to know about the SolarWinds Supply-Chain Attack
DIY DNS DFIR: You’re Doing it WRONG: Threat Hunting Summit 2016
Black Hat Webcast Series | Practical Threat Hunting: Straight Facts and Substantial Impacts
SANS Webcast: Effective (Threat) Hunting Techniques
Memory forensics demo: SolarWinds breach and Sunburst malware | Cyber Work Podcast
FOR508 - Advanced Incident Response and Threat Hunting Course Updates: Hunting Guide
Tales from the Network Threat Hunting Trenches & AI Hunter Demo
Solarigate Briefing
SUNBURST SolarWinds RECON - Malware Reverse Engineering, OSINT and Identifying Victims
How to Cyber Threat Hunt