Security Q&A: A (Very Slight) Upside to Solorigate and Top Blue Team Attack Tools

Security expert Sergey Chubarov on the current security landscape and how the SolarWinds attack can change cybersecurity for the better.

Due to widespread deployment, Microsoft 365 is fast becoming one of the most critical attack surfaces, if not the most critical attack surface, in all of IT. That's why Redmond's conference arm, TechMentor, will be holding a two-day hands-on virtual training seminar Feb. 11-12 on "Offensive and Defensive Security of Microsoft 365."

We caught up recently with our expert presenter, Sergey Chubarov, for an e-mail Q&A about the current security landscape.

Redmond: Have the recent SolarWinds/Solorigate attack discoveries changed your attitude about anything related to security, and specifically to Microsoft 365 security?
Chubarov: As a security expert, it is difficult for me to define my attitude to this event. On the one hand, companies suffer financial and reputational losses as a result of a cyberattack, and this is not good. On the other hand, the IT and cybersecurity industry can benefit from this.

In many companies, cybersecurity is reactive. Companies implement security services after some significant events, such as hacking of their infrastructure or massive breaches. I hope now more companies are thinking about using cloud infrastructure and security services.

What are your favorite tools for blue team attacks on Microsoft 365/Office 365/Azure/Azure AD and why?
The blue team's main tool is SIEM [security information and event management]. If you want to cover all of the listed data sources, then this is Azure Sentinel. However, the effectiveness of SIEM depends on the quantity and quality of connected sources.

My favorite source is Microsoft Defender for Endpoints. According to my research, it has the highest detection and integration with Windows clients/servers.

Do you find the Kali for Windows application a useful pentesting tool, and if so, how do you recommend using it versus a native Kali Linux box or other pentesting platform?
I tried Kali for Windows once in 2018. Microsoft Defender AV killed this application right after I launched it. I prefer native Kali Linux. However, since the target of penetration testing is Windows, Kali is not enough. I am also using Commando VM from FireEye along with MS Visual Studio.

What's the most important theme that you hope attendees of your upcoming security seminar understand about Microsoft 365 security?
When I see "eye-opener" in feedback, I think I have achieved my goal. By using an offensive approach and showing how traditional security tools can be bypassed, I demonstrate the possible flaws in common cybersecurity configuration. The ideal result is change in the attendees' perceptions about the dangers of different security configurations and information on how to fix them.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
