This week, Adam and Andy revisit some more guidance that has come out about Sunburst/Solarigate since the initial breach. Additionally, they share some thoughts about this week's insurrection at the US Capitol and the cybersecurity implications. Finally, with a Biden administration and a Democratic controlled government, Andy and Adam speculate on what might be taken up as priority when it comes to tech policy.

Documentation:

Microsoft Solarigate Resource Center

Using Splunk to Detect Sunburst Backdoor

Analyzing Solorigate, the compromised DLL file  that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

Using Microsoft 365 Defender to protect against Solorigate

M365 advanced hunting queries

Understanding "Solorigate"'s Identity IOCs - for Identity Vendors and their customers

Protecting Microsoft 365 from on-premises attacks

Contact:

Twitter: @bluesecuritypod

Instagram: @bluesecuritypodcast

Andy Jaw

Twitter: @ajawzero

LinkedIn: andyjaw

Email: [email protected]

Adam Brewer

Twitter: @ajbrewer

LinkedIn: adambrewer

Email: [email protected]