Detecting Lateral Movement Natively in Windows [feat. SolarWinds, Sunburst]
Wednesday, March 17th @ 12:30pm to 1:30pm Eastern
Join us for a webinar from Casey Preister of Atomicorp as he discusses “Detecting Lateral Movements Natively in Windows featuring SolarWinds and Sunburst”.
The widely reported compromise of the SolarWinds Orion network monitoring platform, disclosed in December 2020, employed a sophisticated chain of takeover steps: backdoors, expired domains, the use of Orion itself as the delivery vector, compromised credentials, and malware implants, all aimed at stealing data and compromising further systems.
The attack, referred to as Sunburst, Sunburst Backdoor, and Dark Halo, may have begun with undetectable malicious code, but subsequent stages were anything but undetectable. In the lab, I reconstructed Sunburst and monitored it with OSSEC. I uncovered multiple warning signs that looked like all-too-common ‘blip’ occurrences, but they were not. These so-called “false negatives” were actually the start of something malicious…