I’m releasing this tool after a lot of thought surrounding the SolarWinds/FireEye breach. The reason I developed SolarFlare in the first place was to assist in my Red Team engagements. The main reason to release the tool publicly, right now, is so businesses can identify one facet of the possible severity of this breach, using a simple command-line tool they can run on their own SolarWinds Orion machines.

SolarFlare can help identify the accounts that may have been compromised during this breach. SolarWinds is not an easy application to quickly identify which credentials are stored in the database. SolarFlare parses all of the needed pieces, connects to the database, and decrypts (where possible) all of the account data stored in the database. I have seen everything from regular Active Directory accounts, to AWS/Azure/Meraki API keys, and Cisco enable passwords.

Now that I’ve mentioned their encryption, before we start going down this rabbit hole, I must say that SolarWinds did a fantastic job at doing as much cryptography as possible to ensure that credential theft is not trivial. They had even made more improvements since 2015 when I first started researching the product. However, at the end of the day, SolarWinds Orion needs to have the ability to use the credentials in clear text, so no matter how much encryption they add, it will only ever be obfuscation.

In 2016 I gave two talks, one at BSidesPhilly and the other at KiwiCon2016, down in New Zealand.
Here are the concerns I have regarding the SolarWinds/FireEye breach:

The accounts stored in an organization’s SolarWinds Orion may be underestimated. I recently did a pentest for a firm that had over 200 credentials stored in their SolarWinds Orion database, but only 15 showed in the interface (the SolarWinds credential interface is complicated, with sections for each connection type and different panes for each; it may also not properly delete credentials from the database when “removed” from the interface, I am unsure).

The re-infection possibilities, from one-time access to the SolarWinds Orion database and file system, are being underestimated. Attackers can directly re-infect SolarWinds Orion systems through Erlang and other vulnerabilities.

Not enough is being talked about on how to properly secure SolarWinds Orion machines.