SolarWinds took the world by surprise, but what made it so damaging was how little was understood about an adversary pivoting from on-premises to the cloud by abusing identity and federated trust.

Here is SolarWinds broken down into byte-sized (see what I did there?) chunks.

This hits on many things, including:

  • Supply chain attacks
  • Their relationship with downstream applications
  • Their relationship to identity and service accounts
  • How the adversary can jump from on-premises Active Directory (AD) to the cloud (in this case Azure)

If you want to force service accounts to act as service accounts, check out this previous post.

Happy hunting!