Webinars

SUNBURST: A Deep Dive into the Scariest Supply Chain Attack Yet

SolarWinds.Orion.Core.BusinessLayer.dll is a file name that shall live in infamy. A highly sophisticated attacker apparently compromised the SolarWinds build process and inserted a backdoor into this DLL upstream from it being digitally signed with SolarWinds code-signing certificate. Then it was distributed as part of the Orion product to up to potentially 18,000 customers. Orion was an attractive target for this supply chain attack because systems monitoring software often communicates with and potentially has privileged access to every system on a network worth monitoring.

In this real training for a free event, we will take you on a deep dive into SUNBURST and share everything we know including how:

  • The attackers compromised the Orion build process to trojanize SolarWinds.Orion.Core.BusinessLayer.dll.
  • The malware works once it is deployed by a customer
  • SUNBURST sits tight for a few weeks and then attempts to stealthily make contact with its controllers.
  • If directed, it then proceeds to move laterally through the network using a number of credential theft and impersonation techniques

Bring two tanks for this dive because senior security researcher, Chad Anderson from DomainTools, will then take over and dissect SUNBURST’s C2 network traffic. You will learn how SUNBURST tries to quietly find its C2 server using DNS infrastructure and communicate with it. We will explore how SUNBURST attempts to blend in by appropriating Orion Improvement Program protocol for its own use as a “cover” protocol for encapsulating its C2 traffic.

Please join us for this real training for a free event. DomainTools will finish by conducting further analysis of the SolarWinds supply chain incident within the Iris investigation platform.

Related Content

Abstract digital DNS network connections with nodes and lines in purple and blue hues on a dark background, symbolizing concepts of technology and data communication in healthcare.
Webinar

Vital Signs: Using DNS to Predict Adversary Moves in Healthcare

Watch Now
A digital illustration of a complex network, depicted by interconnected lines and nodes with vibrant blue and green colors on a black background, visually represents the concept of "Malicious Intent and You: A Primer on
Webinar

Malicious Intent and You: A Primer on DomainTools Risk Scoring

Watch Now
Abstract image depicting a burst of blue and red light rays emanating from a central bright source, creating a sense of high-speed motion or energy explosion in a dark space, symbolizing the dynamic nature of
Webinar

Protecting Your Environment From the Unknown: Zero Trust and DomainTools

Watch Now
DomainTools Logo
Pricing Contact Login Support Request a Demo

© 2024 DomainTools

DomainTools® and DomainTools™ are owned by DomainTools, all rights reserved.

Privacy Policy    |    California Privacy Notice
Do Not Sell My Personal Information    |    Terms of Service    |    Sitemap