David works as a security architect at Microsoft, helping Microsoft partners learn and deploy the latest Microsoft security technologies in Microsoft 365 and Azure. He is currently focused on Azure Sentinel and Microsoft 365 Defender technologies, and how to implement them correctly in customer environments. David holds numerous certifications, including CISSP, GISP, GSEC, GCED, GCWN, GCIH, GMOB and a bunch of Microsoft certifications.
How was the SolarWinds attack executed? We'll break the attack down into its MITRE ATT&CK components and then review how to use the Microsoft hunting tools to identify indicators of the attack.