Chetan Conikee

ShiftLeft Blog - Medium

First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here and others indicated in references section below.On Thursday this week, Australia’s second-largest telecom company, Optus, announced it had suffered a major data breach that had compromised ... Read More

Log4Shell : JNDI Injection via Attackable Log4JApache log4j2 is one of the most widely utilized logging library in the Java ecosystem. Many applications depend on log4j that include and are not limited to VMware, Apple, Twitter, Minecraft to plethora of open-source projects like Apache Solr, Apache Druid, and many more.On November 30, ... Read More

Evolving Threat series — Infiltrating NPM’s Supply Chain (UA-Parser-js)And if you think your are safe (as you recently procured a well marketed commercial open source dependency scanner) is when you are most in danger as all such tools lack intelligence to track such advanced infiltration patterns.The phrase “Think like an Attacker” is ... Read More

Ransomware is an epidemic that adversely affects the lives of both individuals and large companies, where criminals demand payments to release infected digital assets.In the wake of the ransomware success, Ransomware-as-a-Service (RaaS) is being offered as a franchise model that allows people without programming skills to become active attackers and take ... Read More

#Solorigate : SUPERNOVA forensics using Code Property GraphThe fallout of SolarWinds compromise has resulted in a bevy of new malware families, each with different characteristics and behaviors.SolarWinds advisory : https://www.solarwinds.com/securityadvisory#anchor2In this post, we will focus on the SUPERNOVA trojan, describing how this weaponized DLL was patched into Solarwinds SDLC (Software Development Life Cycle) ... Read More

An illustration of transitive and deeply connected software supply chainsThe U.S. was caught off guard by foreign interference in the 2016 election. Given the powerful role of social media in political contests, understanding the Russian efforts was crucial in preventing or blunting similar, or more sophisticated, attacks in the 2020 congressional ... Read More

If you’ve arrived to this post, I’d suggest reading the Part-1 and Part-2 to gain context.FireEye released additional details here (on December 24th, 2020) that is well worth reading.With the increase of complexity in software and the availability of complex and customizable malware, the amount of work required by a malware analyst ... Read More

SUNBURST SolarWinds BackDoor : Crime Scene Forensics Part 2 (continued)First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available informationIf you’ve arrived to this post, I’d suggest reading the prior post to gain context.As details are still emerging, let’s ... Read More

Visual Notes : SolarWinds Supply Chain compromise using SUNBURST backdoor (detected by FireEye)First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here (FireEye) and others indicated in references section below.FireEye discovered the supply chain attack that trojanized SolarWinds ... Read More

Image Courtesy : https://www.huismanequipment.com/The Scala language has continued to gain popularity over the last several years, thanks to its excellent combination of functional and object-oriented software development principles, and its implementation on top of the proven Java Virtual Machine (JVM). Although Scala compiles to Java bytecode, it is designed to improve ... Read More