I've also written a script to just revoke Solarwinds compromised certificate https://github.com/technion/RevokeSolar
This SUNBURST situation really blew up. I've written a simulator/demonstration for the evasion workflow. https://github.com/technion/SUNBURSTsim
https://lolware.net/2020/09/02/autodiscover-circus.html Dumping corporate credentials by compromising an unrelated marketing website.
Or whoever shipped these commands to end users
Or on this project
Or this person on an unrelated Microsoft repo
Let's not forget telling developers that the "debug a process" privilege is just something they'll never have again. Again, consider doing work on personal, unsecured and unmanaged computers.
There's a setting regarding outbound RPC connections. The "secure" sounding option prevents Connect-MSOLService from ever authenticating. Solution of course: from now on people will use personal desktops to log on to Azure as an administrator.
There's a Swiftonsecurity thread about messing with security settings doing more harm than good. I have many examples of this. 1) After being forced to implement the CIS benchmarks *exactly*, it was noted that the "Backup files and directories" right was now restricted to "Domain Admins", because adding someone was bad. Suddenly a whole backup team were made domain admins in order to do their job.
Today's blog, Abusing Safebrowse to build a list of credentials: https://lolware.net/2019/05/12/abusing-safebrowse.html
Building a web scraper is a terrible experience for someone driven on correctness. You can implement a common algorithm and you can spend a lot of time working to get it 100% accurate. Or you can implement a scraper and know fully that it'll magically break next week when the site you scrape updates.
The original UK NCSC article had much better detail, but I really appreciate this sort of thing hitting mainstream news. It's good seeing stuff you've argued for years getting credibility. https://www.theguardian.com/technology/2019/apr/21/cybercrime-hacking-internet-account-passwords