SolarWinds breach: Insights from the trenches | Live incident response demo | Cyber Work Podcast

Показать описание

It’s been a busy week for cybersecurity professionals as they respond to the SolarWinds breach. On December 13, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately “disconnect or power down SolarWinds Orion products" as they were being actively exploited by malicious actors.

Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach. In this live discussion and incident response demo (recorded Friday, December 18) he covers:

0:00 Intro
1:22 Agenda
4:55 What happened with the SolarWinds breach
15:58 Immediate action you can take
19:14 Industry responses
25:40 FireEye IOCs and Snort rules
29:20 Live demo of Snort
44:30 Live demo of memory forensics
1:09:30 Q&A with live attendees
1:29:40 Keatron's courses and outro

SolarWinds and incident response resources discussed by Keatron:

About Infosec

Рекомендации по теме

Комментарии

Connect with Keatron and stay up to date on the latest SolarWinds developments:

InfosecEdu

With widespread distrust of automatic updates (esp Windows Updates), I'm really hoping to see companies address this debate for users. Should we all postpone or manually force currently available updates? When should we postpone?

AquaeAtrae

Good video, will you demo the PoC when Trustwave releases it on Feb 9?

hackerblack

Very good webinar, please do more of these for the SolarWinds backdoor! Thanks!

kosmonautofficial

Awesome podcast ever. Thanks for the infosec team. 👍❤️

ranjithsp

You guys are smart. I'm going to stick to my snowboard videos. Keep up the great work.

alec

How can I connect with Keatron in Email?

noufal

He said that he ran the dumped process in a sandbox. Can someone please tell me how to do this?

barneee

If Microsoft didn't pop up the Edge browser every time I unlock my computer, and not provide an option to undo it, I might feel bad for them.

jessedameron

SolarWinds breach: Insights from the trenches | Live incident response demo | Cyber Work Podcast

SolarWinds breach: Insights from the trenches | Live incident response demo | Cyber Work Podcast

Lessons Learned from the SolarWinds Breach

Lessons Learned From The SolarWinds Breach: Security Experts

Insights on Modern Day Cyberwarfare: Considerations from the SolarWinds Breach

The SolarWinds Hack Explained | Cybersecurity Advice

Data Resilience in Cyber Security: Insights from the SolarWinds Breach

Anatomy of a Breach: Lessons from SolarWinds

The SolarWinds Hack: The Largest Cyber Espionage Attack in the United States

The SolarWinds Data Breach Explained

SolarWinds Breach: An RSAC Interview with Dmitri Alperovitch About Who, How and Why

SolarWinds Breach Briefing | SecurityMetrics News 1

SolarWinds Breach - Who was to Blame? Diagramed step by step fault explained.

How did SolarWinds' massive data breach go undetected for months?

Lessons from the SolarWinds Cybersecurity Breach [Data and Cybersecurity in Digital Transformation]

SolarWinds Breach - Lessons Learned & Practical Tips

Lessons Learned from a Cyberattack: A Conversation with SolarWinds (Part 1 of 2)

SUNBURST From The Inside – Tim Brown, CISO of SolarWinds

Russian Hacking: Inside the SolarWinds Breach Revealed

SolarWinds breach remediation with Stellar Cyber

The SolarWinds Breach: What Happened and Where Do We Go From Here?

The SolarWinds Breach & Code Signing

SolarWinds Breach Explainer Video | TISTA

Solarwinds Breach OOPS!

Quick Info on the Solarwinds Breach