SolarWinds
SolarWinds took the world by surprise, but what made it so damaging was how little was understood about an adversary jumping from on-premises to the cloud by way of identity and federated trust.
Here is a breakdown of SolarWinds in byte-sized (see what I did?) chunks.
This hits on many things, including:
- Supply chain attacks
- Their relationship with downstream applications
- Their relationship to identity and service accounts
- How the adversary can jump from on-premises Active Directory (AD) to the cloud (in this case Azure)
If you want to force service accounts to act as service accounts, check out this previous post.
Happy hunting!
Andrew