SUNBURST SolarWinds Malware Analysis - Tools, Tactics and Malware Reverse Engineering
Here we take a look inside some of the most complex, elegant, well-crafted malware I've seen, known as SUNBURST and responsible for the global SolarWinds compromise. This code is a malicious DLL, loaded by the parent platform, and it blends in exceptionally well with the whole code ecosystem.
This video starts with a short podcast on the SolarWinds compromise, then we discuss the attack chain. We start by using dnSpy to decompile the .NET code, which gives us access to the source code, and then perform complete reverse engineering and full code analysis.
We cover FNV-1 hashing (something I'd never heard of!) and also variants of the Base64 encoding routine which the bad guys are using to mask their malicious code.
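As an added example (not code from the video or from any of the linked reports), here are the FNV-1 and FNV-1a 64-bit hash variants side by side, plus the dictionary lookup an analyst uses to recover the strings behind hash constants pulled out of a decompiled sample. The lower-casing of names and the XOR post-processing key are assumptions parameterised here; the real sample's constant is not on this page.

```python
# Added example: FNV-1 / FNV-1a 64-bit hashing and hash-to-string recovery.
# Not taken from the video or the linked research; see the lead-in for assumptions.
FNV64_OFFSET = 0xCBF29CE484222325
FNV64_PRIME = 0x100000001B3
MASK64 = (1 << 64) - 1


def fnv1_64(data: bytes) -> int:
    """FNV-1: multiply by the prime first, then XOR each byte in."""
    h = FNV64_OFFSET
    for b in data:
        h = (h * FNV64_PRIME) & MASK64
        h ^= b
    return h


def fnv1a_64(data: bytes) -> int:
    """FNV-1a: XOR the byte in first, then multiply (the more common variant)."""
    h = FNV64_OFFSET
    for b in data:
        h ^= b
        h = (h * FNV64_PRIME) & MASK64
    return h


def resolve_hashes(targets, candidates, hash_fn=fnv1a_64, xor_key=0):
    """Map each target hash back to the candidate string that produces it.

    xor_key models a post-processing XOR applied to the raw hash (assumption:
    0 means plain FNV).  Names are hashed as lower-case UTF-8, also an assumption.
    Unresolved hashes map to None so the analyst sees what the wordlist missed.
    """
    table = {}
    for name in candidates:
        table[hash_fn(name.lower().encode("utf-8")) ^ xor_key] = name
    return {t: table.get(t) for t in targets}


if __name__ == "__main__":
    # Constructed demo: two hashed tool names, one of which is not in our wordlist.
    wordlist = ["Procmon", "wireshark", "notepad"]
    wanted = [fnv1a_64(b"procmon") ^ 0x1234, fnv1a_64(b"x64dbg") ^ 0x1234]
    for h, name in resolve_hashes(wanted, wordlist, xor_key=0x1234).items():
        print(f"{h:016x} -> {name}")
```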
Special thanks to FireEye; their research on this malware is exceptional.
To watch the episode, check out this link: https://youtu.be/Sd2ID3XMU4s
#sunburst #solarwinds #malwareanalysis
LINKS
=====
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
https://github.com/fireeye/sunburst_countermeasures
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
github.com/ITAYC0HEN/SUNBURST-Cracked/blob/main/OrionImprovementBusinessLayer_modified.cs
https://mp.weixin.qq.com/s/UqXC1vovKUu97569LkYm2Q
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/
TOOLS
======
dnSpy - https://github.com/dnSpy/dnSpy
De4Dot - https://github.com/de4dot/de4dot
THANKS
=======
If you LIKED this video, please hit the THUMBS UP and please SUBSCRIBE!
Many thanks for watching
Cheers
Video "SUNBURST SolarWinds Malware Analysis - Tools, Tactics and Malware Reverse Engineering" from the channel INTEL ARCHIVES