Sandboxing wouldn't have helped
High Confidence to evade detection in a high-security environment
#SolarWinds #CTI #ThreatIntel @SANSInstitute Webcast @MalwareJake
Recommendations #SolarWinds @SANSInstitute Webcast with @MalwareJake #CTI #threatintelligence
If you have SolarWinds Orion assume you are compromised.
Recommendations 2
THREAT HUNT. You have to look backwards. They are a very capable group and most likely watching this webcast. @SANSInstitute webcast with @MalwareJake #SolarWinds #CTI #ThreatIntel
If you don't have SolarWinds Orion
Threat Model! Logging & Retention...
How would I detect this? Do I have logs? Do I have 9 months+ of logs???
@SANSInstitute Webcast with @MalwareJake #SolarWinds #threatintel #cti
This compromise would have been VERY difficult to detect. (i.e. don't feel bad... 🤗 #hugops)

@SANSInstitute #SolarWinds webcast with @MalwareJake #cti #threatintel
TY to the FireEye team, SANS faculty/staff, and everyone in the community! <3
Sharing is Caring!

BURN IT DOWWWWNNNN! 🔥 (some personal interpretation...sorry not sorry)
Also, TY to Jake!!!!
@SANSInstitute webcast #SolarWinds with @MalwareJake #threatintel #cti @robtlee
https://twitter.com/Ch33r10/status/1338610615506579458?s=20