Here is a breakdown of SolarWinds, split into byte-sized (see what I did?) chunks.
This hits on many things, including:
- Supply chain attacks
- Their relationship with downstream applications
- Their relationship to identity and service accounts
- How the adversary can jump from on-premises Active Directory (AD) to the cloud (in this case Azure)

If you want to force service accounts to act as service accounts, check out this previous post.