The Optus Breach: How Bad Code Keeps Happening to Good Companies
First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here and others indicated in the references section below. On Thursday this week, Australia’s second-largest telecom company, Optus, announced it had suffered a major data breach that had compromised ...
Log4Shell : JNDI Injection via Attackable Log4J
Apache log4j2 is one of the most widely used logging libraries in the Java ecosystem. Many applications depend on log4j, including but not limited to VMware, Apple, Twitter, Minecraft and a plethora of open-source projects like Apache Solr, Apache Druid, and many more. On November 30, ...
Evolving Threat series — Infiltrating NPM’s Supply Chain (UA-Parser-js)
And if you think you are safe (because you recently procured a well-marketed commercial open source dependency scanner), that is when you are most in danger, as all such tools lack the intelligence to track such advanced infiltration patterns. The phrase “Think like an Attacker” is ...
Connecting RaaS, REvil, Kaseya and your security posture
Ransomware is an epidemic that adversely affects the lives of both individuals and large companies, where criminals demand payments to release infected digital assets. In the wake of ransomware’s success, Ransomware-as-a-Service (RaaS) is being offered as a franchise model that allows people without programming skills to become active attackers and take ...
#Solorigate : SUPERNOVA forensics using Code Property Graph
The fallout of the SolarWinds compromise has resulted in a bevy of new malware families, each with different characteristics and behaviors. SolarWinds advisory: https://www.solarwinds.com/securityadvisory#anchor2
In this post, we will focus on the SUPERNOVA trojan, describing how this weaponized DLL was patched into the SolarWinds SDLC (Software Development Life Cycle) ...
A Month of Reckoning for SaaS software creators and consumers
An illustration of transitive and deeply connected software supply chains
The U.S. was caught off guard by foreign interference in the 2016 election. Given the powerful role of social media in political contests, understanding the Russian efforts was crucial in preventing or blunting similar, or more sophisticated, attacks in the 2020 congressional ...
SolarWinds SUNBURST backdoor investigation using ShiftLeft’s Code Property Graph
If you’ve arrived at this post, I’d suggest reading Part-1 and Part-2 to gain context. FireEye released additional details here (on December 24th, 2020) that are well worth reading. With the increase of complexity in software and the availability of complex and customizable malware, the amount of work required by a malware analyst ...
SUNBURST SolarWinds BackDoor : Crime Scene Forensics Part 2 (continued)
First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information. If you’ve arrived at this post, I’d suggest reading the prior post to gain context. As details are still emerging, let’s ...
Visual Notes : SolarWinds Supply Chain compromise using SUNBURST backdoor (detected by FireEye)
First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here (FireEye) and others indicated in the references section below. FireEye discovered the supply chain attack that trojanized SolarWinds ...
Crane lifting Scala onto Code Property Graph to conduct vulnerability analysis
Image Courtesy: https://www.huismanequipment.com/
The Scala language has continued to gain popularity over the last several years, thanks to its excellent combination of functional and object-oriented software development principles, and its implementation on top of the proven Java Virtual Machine (JVM). Although Scala compiles to Java bytecode, it is designed to improve ...