This document summarizes the SolarWinds supply chain attack, including the various stages of malware used (SUNBURST, SUPERNOVA, TEARDROP, RAINDROP, etc.), the timeline of the attack, potential vectors used, the types of information and organizations targeted, and lessons learned about supply chain security and the challenges of cyber defense. Key takeaways include that nothing is unhackable, risk extends to all vendors and connected systems, and the largest security risk comes from people. Comprehensive defenses require detection, response, and remediation capabilities as well as assuming breaches will occur.
A look at the methodology and techniques or hackers, cyber criminals and state sponsored attackers. Explores the kill chain, Geo political instability and the dark web.
We are all aware of the current risks when developing a connected product, especially with vehicles since much is at stake both from an information and safety perspective. In this workshop, we will learn how to build Security requirements, architect, design, test and produce Safety and Security critical components using a methodology that works in harmony both with Engineering and Security
Do you know the internal signs of a compromise? This deck takes you through the process our Mandiant services teams go through to help discover if an organization has been compromised. You can also view the full webinar here: https://www.brighttalk.com/webcast/10703/187133?utm_source=SS
Conceito militar, agora aplicado a Cibersegurança, o "the cyber kill chain" foi desenvolvido pela Lockheed Martin em 2011. Ele descreve as fases que um adversário seguirá para alvejar uma Organização. São 7 fases bem definidas e este ataque é considerado bem sucedido
se / quando todas as fases foram realizadas.
(DOCUMENTO EM INGLÊS)
The top two attack vectors for malware are email and web browsers. Watering-hole attacks conceal malware on member-based sites and phishing scams can target individuals with personal details. This PPT describes a different security approach to protect against these threats while achieving business growth, efficiency and lowered expenses. The presentation features Cisco Email, Web and Cloud Web Security and covers basic features, offers, benefits, newest features and product integrations. Watch the webinar: http://cs.co/9004BGqvy
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Cristian Garcia G.
Esta presentación tiene como fin analizar los vectores de amenazas online, tales como: ataques basados en correo electrónico, plataformas web, redes sociales, ingeniería social, botnets, y también vectores de amenazas offline, tales como: vulnerabilidades de USB y las emanaciones electromagnéticas. Asimismo, las vulnerabilidades de días cero y las infracciones más grandes divulgadas por la compañía; es así como, bajo esta problemática, dará a conocer las medidas para proteger los datos y luchar contra el fenómeno de la ciberdelincuencia.
A look at the methodology and techniques or hackers, cyber criminals and state sponsored attackers. Explores the kill chain, Geo political instability and the dark web.
We are all aware of the current risks when developing a connected product, especially with vehicles since much is at stake both from an information and safety perspective. In this workshop, we will learn how to build Security requirements, architect, design, test and produce Safety and Security critical components using a methodology that works in harmony both with Engineering and Security
Do you know the internal signs of a compromise? This deck takes you through the process our Mandiant services teams go through to help discover if an organization has been compromised. You can also view the full webinar here: https://www.brighttalk.com/webcast/10703/187133?utm_source=SS
Conceito militar, agora aplicado a Cibersegurança, o "the cyber kill chain" foi desenvolvido pela Lockheed Martin em 2011. Ele descreve as fases que um adversário seguirá para alvejar uma Organização. São 7 fases bem definidas e este ataque é considerado bem sucedido
se / quando todas as fases foram realizadas.
(DOCUMENTO EM INGLÊS)
The top two attack vectors for malware are email and web browsers. Watering-hole attacks conceal malware on member-based sites and phishing scams can target individuals with personal details. This PPT describes a different security approach to protect against these threats while achieving business growth, efficiency and lowered expenses. The presentation features Cisco Email, Web and Cloud Web Security and covers basic features, offers, benefits, newest features and product integrations. Watch the webinar: http://cs.co/9004BGqvy
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Cristian Garcia G.
Esta presentación tiene como fin analizar los vectores de amenazas online, tales como: ataques basados en correo electrónico, plataformas web, redes sociales, ingeniería social, botnets, y también vectores de amenazas offline, tales como: vulnerabilidades de USB y las emanaciones electromagnéticas. Asimismo, las vulnerabilidades de días cero y las infracciones más grandes divulgadas por la compañía; es así como, bajo esta problemática, dará a conocer las medidas para proteger los datos y luchar contra el fenómeno de la ciberdelincuencia.
The Cyber Attack landscape is evolving with new attack vectors and dangerous trends that can affect the security of your business. Some attacks can take only minutes to complete, yet months to be discovered.
Determine your attack risk and learn what to look for in a quality cyber attack defense.
Please visit here: http://www.radware.com/social/amn/ for information on Radware's AMN (Attack Mitigation Network.
[Industry Intelligence Brief] Cyber Threats to the Legal and Professional Ser...FireEye, Inc.
Get an overview the threat groups targeting the legal and professional services industries, as well as the top 5 malware and crimewave families detected.
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...CODE BLUE
Cyber espionage attacks have been aware of for around 10 years. Security vendors keep inventing new technology to defend against attack. Many solutions look fancy, however breaches keep happening. People spent a lot of budget to improve their fences, but the effectiveness of these security products remains doubtful. In Taiwan, we have more than 10 years history with cyber espionage attacks. Government, enterprises, and security vendors were fighting hard with threat actors, but new victims still got compromised day by day.
In recent years, a lot of Japanese government agencies, defense industry, enterprises are suffering from cyber attacks from cyber espionage groups. We keep seeing breaches and incidents from news. We believe many victims still have no good strategy to defend and control the situation.
In this talk, cyber espionage attacks in the last decade would be discussed from Asia Pacific region’s point of view. We’ll discuss why security solutions didn’t work, how actors easily bypassed those fancy solutions and adopted countermeasures quickly with very low cost. Besides, according to our incident response’s experience for hundreds times and consulting to help victim for several years, we will try to propose a design of security model to prevent, detect, react, and remediate cyber espionage threats.
The State Of Information and Cyber Security in 2016Shannon G., MBA
Shannon Glass, Practice Director from AfidenceIT talks about the State of Information and Cyber Security in 2016. She covers the importance of creating a culture of security awareness within an organization, threats to look out for on the landscape, and why you should care about protecting your data assets.
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
For several years now, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been monitoring more than 60 threat actors responsible for cyber-attacks worldwide. By closely observing these organizations, which appear to be fluent in many languages, including Russian, Chinese, German, Spanish, Arabic and Persian, we have put together a list of what seem to be the emerging threats in the APT world. We think these will play an important role in 2015 and deserve special attention. As a participant of the webinar, you will be the first to hear our detailed analysis of the trends.
The webinar was hosted by Costin Raiu, Director of GReAT at Kaspersky Lab, on December 11.
“If we can call 2014‘sophisticated’, then the word for 2015 will be ‘elusive’. We believe that APT groups will evolve to become stealthier and sneakier, in order to better avoid exposure. This year we’ve already discovered APT players using several zero-days, and we’ve observed new persistence and stealth techniques. We have used this to develop and deploy several new defense mechanisms for our users,” comments Costin Raiu.
Listen to the presentation https://kas.pr/aptwebinar
Read the full report https://kas.pr/ksb
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurSkybox Security
Presented at ISSA Cornerstones of Trust June 6, 2012.
No one wants to be the next cyber casualty. Collectively, organizations spend an enormous amount of resources deploying and managing security solutions to block malware, protect data, and keep critical business services operating.
Yet most organizations remain inadequately protected against evolving and dangerous cyber threats. In this session, we will learn to recognize common network attack scenarios and mitigate the combination of misconfigurations, vulnerabilities, access policy violations and other security gaps that can be exploited by sophisticated attackers.
High-profile breaches at Epsilon, Sony, and other enterprise and government networks have dominated the news lately, raising awareness of the need to design effective security strategies against sophisticated attacks and advanced persistent threats (APTs). Many companies struggle with where to begin to develop an effective plan of cyber defense.
During this session we will walk the audience through several attack scenarios using a visual attack explorer tool, highlighting the combination of security gaps that are often used and how to prevent them. Network modeling, vulnerability analysis, access path analysis, and attack simulation will all be introduced and we will show how these analytical tools can be used to quickly and automatically find exposed areas of a network.
Download the full Midyear Security Report >> http://cs.co/MSR15SL
Cisco has released its Midyear Security Report. In this report, Cisco provides industry insights and key findings taken from threat intelligence and cybersecurity trends for the first half of 2015.
The Internet of Things: We've Got to ChatDuo Security
BSides SF, February 2014: http://www.securitybsides.com/w/page/70849271/BSidesSF2014
Duo's Zach Lanier (@quine) & Mark Stanislav (@markstanislav) on IoT (Internet of Things) security, announcing http://BuildItSecure.ly
The Cyber Attack landscape is evolving with new attack vectors and dangerous trends that can affect the security of your business. Some attacks can take only minutes to complete, yet months to be discovered.
Determine your attack risk and learn what to look for in a quality cyber attack defense.
Please visit here: http://www.radware.com/social/amn/ for information on Radware's AMN (Attack Mitigation Network.
[Industry Intelligence Brief] Cyber Threats to the Legal and Professional Ser...FireEye, Inc.
Get an overview the threat groups targeting the legal and professional services industries, as well as the top 5 malware and crimewave families detected.
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...CODE BLUE
Cyber espionage attacks have been aware of for around 10 years. Security vendors keep inventing new technology to defend against attack. Many solutions look fancy, however breaches keep happening. People spent a lot of budget to improve their fences, but the effectiveness of these security products remains doubtful. In Taiwan, we have more than 10 years history with cyber espionage attacks. Government, enterprises, and security vendors were fighting hard with threat actors, but new victims still got compromised day by day.
In recent years, a lot of Japanese government agencies, defense industry, enterprises are suffering from cyber attacks from cyber espionage groups. We keep seeing breaches and incidents from news. We believe many victims still have no good strategy to defend and control the situation.
In this talk, cyber espionage attacks in the last decade would be discussed from Asia Pacific region’s point of view. We’ll discuss why security solutions didn’t work, how actors easily bypassed those fancy solutions and adopted countermeasures quickly with very low cost. Besides, according to our incident response’s experience for hundreds times and consulting to help victim for several years, we will try to propose a design of security model to prevent, detect, react, and remediate cyber espionage threats.
The State Of Information and Cyber Security in 2016Shannon G., MBA
Shannon Glass, Practice Director from AfidenceIT talks about the State of Information and Cyber Security in 2016. She covers the importance of creating a culture of security awareness within an organization, threats to look out for on the landscape, and why you should care about protecting your data assets.
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
For several years now, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been monitoring more than 60 threat actors responsible for cyber-attacks worldwide. By closely observing these organizations, which appear to be fluent in many languages, including Russian, Chinese, German, Spanish, Arabic and Persian, we have put together a list of what seem to be the emerging threats in the APT world. We think these will play an important role in 2015 and deserve special attention. As a participant of the webinar, you will be the first to hear our detailed analysis of the trends.
The webinar was hosted by Costin Raiu, Director of GReAT at Kaspersky Lab, on December 11.
“If we can call 2014‘sophisticated’, then the word for 2015 will be ‘elusive’. We believe that APT groups will evolve to become stealthier and sneakier, in order to better avoid exposure. This year we’ve already discovered APT players using several zero-days, and we’ve observed new persistence and stealth techniques. We have used this to develop and deploy several new defense mechanisms for our users,” comments Costin Raiu.
Listen to the presentation https://kas.pr/aptwebinar
Read the full report https://kas.pr/ksb
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurSkybox Security
Presented at ISSA Cornerstones of Trust June 6, 2012.
No one wants to be the next cyber casualty. Collectively, organizations spend an enormous amount of resources deploying and managing security solutions to block malware, protect data, and keep critical business services operating.
Yet most organizations remain inadequately protected against evolving and dangerous cyber threats. In this session, we will learn to recognize common network attack scenarios and mitigate the combination of misconfigurations, vulnerabilities, access policy violations and other security gaps that can be exploited by sophisticated attackers.
High-profile breaches at Epsilon, Sony, and other enterprise and government networks have dominated the news lately, raising awareness of the need to design effective security strategies against sophisticated attacks and advanced persistent threats (APTs). Many companies struggle with where to begin to develop an effective plan of cyber defense.
During this session we will walk the audience through several attack scenarios using a visual attack explorer tool, highlighting the combination of security gaps that are often used and how to prevent them. Network modeling, vulnerability analysis, access path analysis, and attack simulation will all be introduced and we will show how these analytical tools can be used to quickly and automatically find exposed areas of a network.
Download the full Midyear Security Report >> http://cs.co/MSR15SL
Cisco has released its Midyear Security Report. In this report, Cisco provides industry insights and key findings taken from threat intelligence and cybersecurity trends for the first half of 2015.
The Internet of Things: We've Got to ChatDuo Security
BSides SF, February 2014: http://www.securitybsides.com/w/page/70849271/BSidesSF2014
Duo's Zach Lanier (@quine) & Mark Stanislav (@markstanislav) on IoT (Internet of Things) security, announcing http://BuildItSecure.ly
Microsoft has announced the BlueKeep vulnerability, a wormable Remote Desktop vulnerability that has a high potential of being exploited in legacy operating systems.
Be warned, this vulnerability can be exploited remotely with no authentication required. Protect yourself from what people are calling the next WannaCry.
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...CODE BLUE
Kimsuky is a North Korean APT possibly controlled by North Korea's Reconnaissance General Bureau. Based on reports from the Korea Internet & Security Agency (KISA) and other vendors, TeamT5 identified that Kimsuky's most active group, CloudDragon, built a workflow functioning as a "Credential Factory," collecting and exploiting these massive credentials.
The credential factory powers CloudDragon to start its espionage campaigns. CloudDragon's campaigns have aligned with DPRK's interests, targeting the organizations and key figures playing a role in the DPRK relationship. Our database suggested that CloudDragon has possibly infiltrated targets in South Korea, Japan, and the United States. Victims include think tanks, NGOs, media agencies, educational institutes, and many individuals.
CloudDragon's "Credential Factory" can be divided into three small cycles, "Daily Cycle," "Campaign Cycle," and "Post-exploit Cycle." The"Daily Cycle" can collect massive credentials and use the stolen credentials to accelerate its APT life cycle.
In the "Campaign Cycle," CloudDragon develops many new malware. While we responded to CloudDragon's incidents, we found that the actor still relied on BabyShark malware. CloudDragon once used BabyShark to deploy a new browser extension malware targeting victims' browsers. Moreover, CloudDragon is also developing a shellcode-based malware, Dust.
In the "Post-exploit Cycle," the actor relied on hacking tools rather than malicious backdoors. We also identified that the actor used remote desktop software to prevent detection.
In this presentation, we will go through some of the most significant operations conducted by CloudDragon, and more importantly, we will provide possible scenarios of future invasions for defense and detection.
CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...CloudIDSummit
Russell Miller, Director, Solutions Marketing, CA
Securing privileged identities is essential to reducing the risk of not only insider attacks, but from outsiders as well. Learn how to expand your thinking about privileged identities to address the latest trends and threats.
Targeted Threat (APT) Defense for Applications Featuring pxGrid: a deep diveCisco DevNet
A session in the DevNet Zone at Cisco Live, Berlin. Targeted Attacks, which the media refers to as APTs, are threats that must be addressed by any organization requiring networked computers to do business. In this session we will go over the run book techniques used by these threat actors and then go over strategies for mitigating those attacks. In this session we will focus on the concepts that developers of network applications need to be aware of to mitigate these styles of attacks and techniques to use. To finish off, we will delve into pxGrid and what it can offer to break these APT style attack playbooks. Backgrounder: We obtained knowledge of these run book techniques from trusted advisors, peers in the industry and from our own observations. Our own observations included information from our CSIRT, our security products in the field as well as our internal phishing awareness campaign. After studying these techniques we devised strategies to mitigate them. Those strategies were then tested and deployed throughout our ecosystem. The Cisco CSDL initiative and ACT2 chips will also be techniques and tools highlighted in this session.
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
Got Invited for conducting the workshop on ‘Cyber Security’ at top notch engineering college.
Sardar Patel Institute of Technology, Andheri on 3rd October, 2015.
Student feedback:-
https://drive.google.com/file/d/0B_uWWP1uW7TFWVdTanJFdTlqNkE/view?usp=sharing
Appreciation letter:-
https://drive.google.com/file/d/0B_uWWP1uW7TFMkVVUTR4V1JTN2c/view?usp=sharing
IoT Sensor Sensibility - Hull Digital - C4Di - Feb 2016Glynn Bird
An Introduction to IoT. What is it, why does it matter and how can I get started. Introduces MQTT and talks about offline-first data collection using CouchDB and Cloudant replication. Hardware such as Raspberry Pis and SensorTags are also discussed.
Incorporating infrastructure-as-code into software development is helping cloud security practitioners to prevent bad configurations upstream, without inflating development backlogs. In this session, we cover a simple method to write, test, and maintain infrastructure-as-code at scale using policy-as-code. We will go over open source projects to analyze your Terraform code and AWS environment and compare the two approaches (runtime vs static analysis) and specifically
https://github.com/bridgecrewio/checkov/
Was presented at OWASP Israel meetup at February 2020:
https://www.meetup.com/OWASP-Israel/events/268461033/
Euro Cup fans worldwide can book Euro 2024 Tickets from our online platform www.worldwideticketsandhospitality. Fans can book Ukraine Vs Belgium Tickets on our website at discounted prices.
Mock 2024 NHL Draft Experts Divided after Celebrini, Levshunov, Silayev go in...Ice Brek
After the NHL Draft Lottery on Monday, Adam Kimelman, NHL.com’s deputy managing editor,
and Mike G., senior draft writer, Morreale make their predictions for how the first 16 selections
of the 2024 Upper Deck NHL Draft could turn out.
Ukraine Euro Cup 2024 Squad Sergiy Rebrov's Selections and Prospects.docxEuro Cup 2024 Tickets
After securing their spot through the playoff route, Ukraine is gearing up for their fourth consecutive European Championship. Ukraine first qualified as hosts in 2012, but in 2016
Turkey vs Georgia Tickets: Turkey's Road to Glory and Building Momentum for U...Eticketing.co
Euro Cup Germany fans worldwide can book Euro 2024 Tickets from our online platform www.eticketing.co.Fans can book Euro Cup 2024 Tickets on our website at discounted prices.
Albania vs Spain Euro Cup 2024 Very Close Armando Broja Optimistic Albania Wi...Eticketing.co
Euro Cup 2024 fans worldwide can book Albania vs Spain Tickets from our online platform www.eticketing.co. Fans can book Euro Cup Germany Tickets on our website at discounted prices.
Euro Cup fans worldwide can book Euro 2024 Tickets from our online platform www.worldwideticketsandhospitality. Fans can book Spain Vs Croatia Tickets on our website at discounted prices.
Results for LtCol Thomas Jasper, Marine, for the 2010 Marine Corps Marathon held October 31, 2010, marking the 35th annual marathon known as "The People's Marathon."
An impressive finishing time of 3:46:39, placing 324th in the Male division ages 40-44.
Narrated Business Proposal for the Philadelphia Eaglescamrynascott12
Slide 1:
Welcome, and thank you for joining me today. We will explore a strategic proposal to enhance parking and traffic management at Lincoln Financial Field, aiming to improve the overall fan experience and operational efficiency. This comprehensive plan addresses existing challenges and leverages innovative solutions to create a smoother and more enjoyable experience for our fans.
Slide 2:
Picture this: It’s a crisp fall afternoon, driving towards Lincoln Financial Field. The atmosphere is electric—tailgaters grilling, fans in Eagles jerseys creating a sea of green and white. The air buzzes with camaraderie and anticipation. You park, join the throng, and make your way to your seat. The stadium roars as the Eagles take the field, sending chills down your spine. Each play is a thrilling dance of strategy and skill. This is what being an Eagles fan is all about—the joy, the pride, and the shared experience.
Slide 3:
But now, the day is marred by frustration. The excitement wanes as you struggle to find a parking spot. The congestion is overwhelming, and tempers flare. The delays mean you miss the pre-game excitement, the tailgate camaraderie, and even the opening kick-off. After the game, the joy of victory or the shared solace of defeat is overshadowed by the stress of navigating out of the parking lot. The gridlock, honking horns, and endless waiting drain the energy and joy from what should have been an unforgettable experience.
Our proposal aims to eliminate these frustrations, ensuring that from arrival to departure, your experience is extraordinary. Efficient parking and smooth traffic flow are key to maintaining the high spirits and excitement that make game days special.
Slide 4:
The Philadelphia Eagles are not just a premier NFL team; they are an integral part of the community, hosting games, concerts, and various events at Lincoln Financial Field. Our state-of-the-art stadium is designed to provide a world-class experience for every attendee. Whether it's the thrill of game day, the excitement of a live concert, or the camaraderie of community events, we pride ourselves on delivering a fan-first experience and maintaining operational excellence across all our activities. Our commitment to our fans and community is unwavering, and we continuously strive to enhance every aspect of their experience, ensuring they leave with unforgettable memories.
Slide 5:
Recent trends show an increasing demand for efficient event logistics. Our customer feedback has consistently highlighted frustrations with parking and traffic. Surveys indicate that a significant number of fans are dissatisfied with the current parking situation. Comparisons with other venues like Citizens Bank Park and Wells Fargo Center reveal that we lag in terms of parking efficiency and convenience. These insights underscore the urgent need for innovation to meet and exceed fan expectations.
Slide 6:
As we delve into the intricacies of our operations, one glaring issue emer
Euro Cup fans worldwide can book Euro 2024 Tickets from our online platform www.worldwideticketsandhospitality. Fans can book Denmark Vs England Tickets on our website at discounted prices.
Spain's Euro Cup 2024 Selections and Croatia's Group of Death Challenge.docxEuro Cup 2024 Tickets
Chelsea's Marc Cucurella is one of only three Premier League players included in Spain's preliminary Euro Cup 2024 squad as the Tottenham star with 11 goal contributions is overlooked
Spain vs Croatia Date, venue and match preview ahead of Euro Cup clash as Mod...Eticketing.co
We offer Euro Cup Tickets to admirers who can get Spain vs Croatia Tickets through our trusted online ticketing marketplace. Eticketing.co is the most reliable source for booking Euro Cup Final Tickets. Sign up for the latest Euro Cup Germany Ticket alert.
Euro Cup fans worldwide can book Euro 2024 Tickets from our online platform www.worldwideticketsandhospitality. Fans can book Belgium Vs Romania Tickets on our website at discounted prices.
Mats André Zuccarello Aasen, commonly known as Mats Zuccarello, was born on September 1, 1987, in
Oslo, Norway. He grew up in the bustling neighborhood of Løren, where his passion for ice hockey began
at a young age. His mother, Anita Zuccarello, is of Italian descent, and his father, Glenn Aasen, is
Norwegian. This multicultural background played a significant role in shaping his identity and versatility
on and off the ice.
Denmark vs England England Euro Cup squad guide Fixtures, predictions and bes...Eticketing.co
We offer UEFA Euro 2024 Tickets to admirers who can get Denmark vs England Tickets through our trusted online ticketing marketplace. Eticketing. co is the most reliable source for booking Euro Cup Final Tickets. Sign up for the latest Euro Cup Germany Ticket alert.
Euro Cup fans worldwide can book Euro 2024 Tickets from our online platform www.worldwideticketsandhospitality. Fans can book Poland Vs Austria Tickets on our website at discounted prices.
Akshay Ram on Adobe's Creative Strategy and Execution, the Present and Future...Neil Horowitz
On episode 271 of the Digital and Social Media Sports Podcast, Neil chatted with Akshay Ram, Product Manager for Adobe, who also has a lot of knowledge and insight into sports creative.
What follows is a collection of snippets from the podcast. To hear the full interview and more, check out the podcast on all podcast platforms and at www.dsmsports.net
Belgium vs Slovakia Belgium announce provisional squad for Euro Cup 2024 Thib...Eticketing.co
Euro 2024 fans worldwide can book Belgium vs Slovakia Tickets from our online platform www.eticketing.co. Fans can book Euro Cup Germany Tickets on our website at discounted prices.
4. @brysonbort
Who
UNC 2452 - FireEye designation
https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure
5. @brysonbort
Who else
● Late 2020
● API Auth Bypass: https://nvd.nist.gov/vuln/detail/CVE-2020-10148
● Deploy Supernova, a .NET web shell, via Powershell
https://www.zdnet.com/article/supernova-malware-clues-link-chinese-threat-group-spiral-to-solarwinds-hacks/
6. @brysonbort
Ain’t no sunshine when you’re low
SUPERNOVA
Malware designed to appear to be part of a
SolarWinds product.
● a malicious, unsigned webshell .dll
“app_web_logoimagehandler.ashx.b6031896.
dll”
● vulnerability in the Orion Platform to enable
deployment of the malicious code.
7. @brysonbort
See Sunspot. Sunspot run.
SUNBURST
SUNSPOT injected SUNBURST
into the Orion Platform during the
build process.
SUNSPOT monitors running
processes during compilation of the
Orion product and replaces one of
the source files.
https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
8. @brysonbort
Then… It Rains
TEARDROP (FireEye)
1. memory only dropper that runs as a service, reads from the file “gracious_truth.jpg”
2. checks that HKUSOFTWAREMicrosoftCTF exists, decodes an embedded payload using a custom
algorithm and manually loads into memory an embedded payload with custom PE-like file format.
3. customized Cobalt Strike BEACON.
RAINDROP (Symantec)
1. loader which delivers Cobalt Strike.
2. unknown inject: appears to have been used for spreading across the victim’s network.
3. Shellcode
4. active directory query tool and credential dumper designed specifically for SolarWinds Orion
databases.
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-
compromises-with-sunburst-backdoor.html
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware
9. @brysonbort
GoldMax / SUNSHUTTLE
● unknown inject
● second-stage backdoor written in GoLang that features some detection evasion capabilities.
● SUNSHUTTLE - Mandiant cannot confirm connection
● decoy traffic!
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
https://www.fireeye.com/blog/threat-
research/2021/03/sunshuttle-second-stage-backdoor-targeting-
us-based-entity.html
10. @brysonbort
Sibot
● dual-purpose malware implemented in VBScript.
○ persistence
○ download and execute a payload from a
remote C2 server
● legitimate but compromised website to
download a DLL to a folder under System32
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
11. @brysonbort
GoldFinder
● written in Go
● HTTP request to a hardcoded IP address
● logs the HTTP response to a plaintext log file
● identifies all HTTP proxy servers and other redirectors such as network security
devices
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
14. @brysonbort
SolarWinds
SolarWinds CEO Sudhakar Ramakrishna provides a bit more detail about the
three possible intrusion vectors that he referenced during Tuesday's Senate
hearing.
● password spraying
● credential theft
● vulnerability in third-party software
16. @brysonbort
What Else Happened
30% of govt & private-sector victims had no direct connection to SolarWinds:
○ The hackers took advantage of known Microsoft configuration issues to trick systems
into giving them access to emails and documents stored in the cloud:
○ Russian hacking operation was “substantially more significant” than Cloudhopper: a
2016 Chinese-led espionage campaign. --Brandon Wales, Acting CISA Director
24. @brysonbort
Takeaways
There is NO Cyber Defense
https://cyberdefensereview.army.mil/Portals/6/Documents/CDR%20Journal%20Articles/There%20IS%20No%20Cyber_Bort.pdf?v
er=2018-07-31-093713-563
The definition of Cybersecurity
Nothing is unhackable
25. @brysonbort
Takeaways
● The Perimeter is dead.
● Your Risk includes every vendor, every product,
everything that you are connected with.
● Your largest Surface Area of Risk is PEOPLE.
● Assume Breach.
○ Detect
○ Respond
○ Remediate
26. @brysonbort
All of the Resources
MITRE ATT&CK Team:
https://github.com/center-for-threat-
informed-defense/public-
resources/blob/master/solorigate/READ
ME.md
SCYTHE Emulation Library:
https://www.scythe.io/threatthursday
What it Says:
A Chinese-linked cyberattack exploiting vulnerabilities in Microsoft’s on-premises Exchange email software likely compromised 30,000+ U.S. businesses, govt offices, & schools:
Hafnium -- the Chinese hacking group -- stealthily attacked several targets in Jan., but escalated its efforts to find as many vulnerable networks as possible after MSFT’s Tuesday patch release.
The hackers were able to access victims’ email servers without a password, allowing them to steal emails & install “backdoors” for future surveillance.
Most victims appear to be small and medium-size organizations -- many large orgs now use Microsoft’s cloud-based O365, which wasn’t impacted.
