https://www.msuiche.com/categories/dfir/Recent content in Dfir on Matt SuicheHugoen-usFri, 25 Dec 2020 00:00:00 +0000https://www.msuiche.com/posts/sunburst-memory-analysis/Fri, 25 Dec 2020 00:00:00 +0000https://www.msuiche.com/posts/sunburst-memory-analysis/<p>The recent SolarWind&rsquo;s hack which resulted in a backdoor version of their SolarWind Orion product which counts 33,000 customers has been all over the news in the past few weeks - most things have been said and repeated, although there are few notes that I mentioned on Twitter which I would like to compile in a blogpost for perenniality.</p> <p>First of all, I would like to point out to the presence in the backdoor process blacklist (<em>the full list can be found on <a href="https://github.com/ITAYC0HEN/SUNBURST-Cracked" target="_blank" rel="noopener">Itay Cohen&rsquo;s repository</a></em>) of several processes that can be used for either:</p>