Getting Burned by Solar Winds - and How to Hunt for it in a Microsoft Network
2021-06-12, 13:00–13:45, Track 1

How was Solar Winds executed? We'll break the attack down into the MITRE ATT&CK components and then review how to use the Microsoft hunting tools to identify indicators of the attack.


No doubt, you've heard about the recent attack that leveraged a technology software supplier, Solar Winds, to compromise a large number of organizations, including many in the IT industry and U.S. government agencies. This was one of the world's most serious nation-state cyberattacks, and it has raised a number of questions, including "How do I know if I was impacted?"
In this session, I'll talk about how the attack was carried out and, more importantly, how customers using Microsoft tools can identify the TTPs that indicate a compromise in their own environment.

David works as a security architect at Microsoft, helping Microsoft partners learn and deploy the latest Microsoft security technologies in Microsoft 365 and Azure. He is currently focused on Azure Sentinel and Microsoft 365 Defender technologies, and how to implement them correctly in customer environments. David holds numerous certifications, including CISSP, GISP, GSEC, GCED, GCWN, GCIH, GMOB and a bunch of Microsoft certifications.