User Tools
wiki:start
Differences
This shows you the differences between two versions of the page.
|
wiki:start [2021/01/10 12:03] dk created |
wiki:start [2021/01/10 12:21] (current) dk |
||
|---|---|---|---|
| Line 24: | Line 24: | ||
| * System Services: Service Execution [T1569.002] | * System Services: Service Execution [T1569.002] | ||
| * Compromise Infrastructure [T1584] | * Compromise Infrastructure [T1584] | ||
| + | |||
| + | ====== Mitigation steps ====== | ||
| + | |||
| + | * Implementing multi factor authentication. | ||
| + | * Monitoring all services for any changes in tokens or keys and for malicious activities. | ||
| + | * Re-evaluating API key integrations, SAML integrations and website configuration files. | ||
| + | * Review all system and security policies. | ||
| + | * Resetting user credentials. | ||
| + | * Consider security auditing. | ||
| + | |||
| + | ====== Links to get started ====== | ||
| + | |||
| + | [[https://github.com/fireeye/sunburst_countermeasures|FireEye counter measures]] | ||
| + | |||
| + | [[https://github.com/bambenek/research/blob/main/sunburst/uniq-hostnames.txt|Sunburst unique Hostnames]] | ||
| + | |||
| + | [[https://blog.securityonion.net/2020/12/solarwinds-supply-chain-attack.html|Security onion blog]] | ||
| + | |||
| + | [[https://www.solarwinds.com/securityadvisory|Solarwinds Security Advisory]] | ||
| + | |||
| + | [[https://socprime.com/blog/sunburst-backdoor-detection-solarwinds-supply-chain-attack-on-fireeye-and-us-agencies/|SOC prime]] | ||
| + | |||
| + | [[https://www.compassitc.com/blog/solarwinds-sunburst-hack-and-you-thought-2020-couldnt-get-any-worse|Compass ITC]] | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
wiki/start.txt · Last modified: 2021/01/10 12:21 by dk
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
