December 23

Webinar takeaway: Discussing Implications of the SolarWinds Breach(es)


My key takeaways

  • Stop panicking: the SolarWinds hack is over. The C2 channels are dead; the party is over.
    • don't poke at the IOCs *
    • focus on the fundamentals and on how to avoid it happening again
  • Fundamentals:
    • DNS is the most valuable hunting artefact
    • Know what you have, and where
    • Know all your software
    • Where are the blind spots? <- detect anomalies
    • Doesn't have to be expensive: Security Onion is free
  • Should there be a council enforcing higher standards for critical infrastructure, or for suppliers to critical infrastructure?
    • probably to come
    • national software, like the OS in North Korea or email clients in Russia, indicates how seriously other nations also take the supply chain
    • certifying people improved quality incrementally
    • software might benefit as well
  • Do due diligence on software to be installed as you would for a merger
  • More "boxes" (security hardware) won't help
  • Having a CISO in a company will not prevent being hit by events like Solarburst
  • Continuous churn of Director of Security / CISO -> sign of a dumpster fire
  • Director of Security / CISO stays for 15 years? <- uh-huh, probably an excuse role
  • Don't use it as an excuse NOT to patch!
    • Anti-vaxxer – Anti-patcher
  • Whoever already practises incident response round tables knows where they stand right now
*) IOC: indicators of compromise
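To make the "DNS is the most valuable hunting artefact" and "detect anomalies" points concrete, here is a small hunting script I added to these notes; it is not code from the webinar, from Security Onion or from any SolarWinds write-up. It reads a constructed DNS query log (the format and every line are made up for this example), groups queries by parent domain, and flags two classic signs worth a closer look: a domain with many unique, high-entropy subdomains (data or commands encoded into names) and a domain queried at machine-regular intervals (beaconing). The thresholds are assumptions to tune against your own baseline.

```python
"""Hunt a DNS query log for encoded-subdomain and beaconing patterns.

Added example, not from the webinar or from Security Onion. Log format and
sample lines are constructed; thresholds are assumptions to tune locally.
"""
import math
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <client IP> <queried name>".
# 10.0.0.7 resolves a fresh random-looking label under example.net every 10 min.
SAMPLE_LOG = """\
2020-12-14T09:00:00 10.0.0.5 www.example.com
2020-12-14T09:00:05 10.0.0.5 mail.example.com
2020-12-14T09:00:00 10.0.0.7 k5r2q9x1m7b3w8.update.example.net
2020-12-14T09:10:00 10.0.0.7 p0z7h4c2v6n1t9.update.example.net
2020-12-14T09:20:00 10.0.0.7 j3y8f5l1q4s7d2.update.example.net
2020-12-14T09:30:00 10.0.0.7 w6m2b9r4x1k8g5.update.example.net
2020-12-14T09:40:00 10.0.0.7 c1n7t3h9z5p2v8.update.example.net
2020-12-14T09:41:00 10.0.0.9 www.example.com
2020-12-14T09:42:30 10.0.0.9 cdn.example.org
"""


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_name(fqdn, suffix_labels=2):
    """Split 'a.b.example.net' into parent 'example.net' and subdomain 'a.b'.
    Assumption: the parent is the last two labels (no public-suffix list)."""
    labels = fqdn.rstrip(".").lower().split(".")
    return ".".join(labels[-suffix_labels:]), ".".join(labels[:-suffix_labels])


def parse_log(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, name = line.split()
        records.append((datetime.fromisoformat(ts), client, name))
    return records


def domain_stats(records):
    """Per parent domain: query count, unique subdomains, clients, mean
    subdomain entropy and coefficient of variation of query intervals."""
    per = defaultdict(lambda: {"times": [], "subs": set(), "clients": set()})
    for ts, client, name in records:
        parent, sub = split_name(name)
        per[parent]["times"].append(ts)
        per[parent]["clients"].add(client)
        if sub:
            per[parent]["subs"].add(sub)
    out = {}
    for parent, d in per.items():
        times = sorted(d["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        cv = None
        if len(gaps) >= 2 and statistics.mean(gaps) > 0:
            # Near-zero CV means the gaps are all alike: a timer, not a human.
            cv = round(statistics.pstdev(gaps) / statistics.mean(gaps), 3)
        ents = [shannon_entropy(s.replace(".", "")) for s in d["subs"]]
        out[parent] = {
            "queries": len(times),
            "unique_subdomains": len(d["subs"]),
            "clients": len(d["clients"]),
            "mean_subdomain_entropy": round(statistics.mean(ents), 2) if ents else 0.0,
            "interval_cv": cv,
        }
    return out


def flag_anomalies(stats, min_unique_subs=4, min_entropy=3.5,
                   max_interval_cv=0.2, min_queries=4):
    """Return [(parent_domain, [reasons])] for domains worth a closer look."""
    flagged = []
    for parent, s in sorted(stats.items()):
        reasons = []
        if s["unique_subdomains"] >= min_unique_subs and s["mean_subdomain_entropy"] >= min_entropy:
            reasons.append("many unique high-entropy subdomains (encoded data in names)")
        if s["interval_cv"] is not None and s["interval_cv"] <= max_interval_cv \
                and s["queries"] >= min_queries:
            reasons.append("machine-regular query timing (beaconing)")
        if reasons:
            flagged.append((parent, reasons))
    return flagged


def hunt(log_text=SAMPLE_LOG):
    return flag_anomalies(domain_stats(parse_log(log_text)))


if __name__ == "__main__":
    for parent, reasons in hunt():
        print(parent, "->", "; ".join(reasons))
```

On the sample log only example.net is flagged, on both counts; example.com has two ordinary subdomains and irregular timing, and example.org is seen once. On a real resolver or Zeek dns.log the parent-domain split should use a public-suffix list, and the thresholds should be set from a few weeks of your own traffic so that legitimate CDNs and telemetry domains fall out as a known baseline rather than as daily noise.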


additional links



solarburst, threathunting, webinar takeaway
