55

Let me explain this to you simpletons. We live in a post constitutional society. Power isn't given by us to elected leaders. It has been taken by corrupt election procedures, corrupt software and TYRANTS.

Think of the trillions of your dollars they give away to their buddies, vested interests and line their own pockets with.

After 4 years you guys still think the constitutional Republic is gonna save your ass with laws and honesty?

So stop telling me to waste time calling these bastards and stop telling me to waste time walking around some shitty city... because they.... dont.... care.

There are 2 ways this changes:

  • we all humble ourselves and turn from our wicked ways and when I say all I mean all who have the power to influence our land.

  • we organize and crush the tyrants... and I'm not talking "oregon stand around"

A standaround isn't cutting it anymore.

11

This is going to be a long and technical post. For those of you in the industry you are fine with that. Many won't be and honestly they should probably just fuck off and let experts analyze this situation.

There is a ton of misinformation being spread about Solarwinds Orion and Fireeye. I'm going to straighten that out with actual informed analysis.

I don't expect this post to go very far... because it's real. Because it has facts in it and we live in a post-cybersecurity world. Instead of the freedom we experienced in the industry the last 20 or so years... our brightest minds have been shut down by SJW and liberal ideology. Replaced by inexperienced diversity hires, many of us have been scooped by alphabet agencies and we've sold out for the almighty dollar, and the rest of us who haven't sold out have no platform to share critiques and questions on. The normal channels are so infested with shills and disinformation we can't even do the normal analysis that used to come naturally in information security... before the government hijacked it and started calling it cybersec to give glorified pencil pushers orgasmic fantasies about the irrelevance of their own position.

CHRONOLOGY

DECEMBER 8th - Major news outlets (including NYT) shared that Fireeye, a major cybersecurity firm, was hacked... "most likely by Russia". Oooohhs and Ahhhs from mass media. For those of us in the know we recognize that Fireeye and Kevin Mandia are heavily involved in geopolitics... and that Mandia's firm gave the report to Congress that the DNC hack was performed by Russia. This is demonstrably false and the person who received the hacked DNC data (Assange) has basically stated it WAS NOT Russia.

DECEMBER 13th - Solarwinds, an enterprise software company that makes the Orion platform (used for network and oplog monitoring), shared a security advisory stating that several builds of its Orion platform had a backdoor in them which they named "Sunburst".

DECEMBER 14th - Fireeye releases a breach analysis and in that document they state that due to "automatic update methods" they received the Sunburst backdoor, and they speculate that this is how foreign actors were able to breach their system.

DECEMBER 14th - CISA, a major security/tech thinktank and policy writer for government, releases an advisory to shut down Orion servers (basically impossible for critical infrastructure unless you want to remove all optics on the healthy operation of your network).

THE STATE OF ORION

The ONLY, let me repeat the ONLY, trustworthy documentation I've seen thus far comes from Solarwinds. In their security advisory: https://www.solarwinds.com/securityadvisory they state that the following builds of ORION possibly had the Sunburst backdoor in them: 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1. That's it. If you aren't currently running a build in that list... you aren't hacked. Utilizing file hashing Solarwinds can state this with authority. They can compare hashes of their known, safe builds to hashes of builds in the wild that have initiated connections to foreign IPs... see that they don't match and state those builds are compromised.

At this time I've only heard of one company claiming to have had a breach via the Orion backdoor. That is Fireeye, but their own breach analysis states this was speculated, that their own breach was very sophisticated, that the backdoor was delivered via an automatic update service and it was most likely foreign.

The problem with this is many-fold:

  • Orion HAS NO AUTOMATIC UPDATE SERVICE. Updates of the platform are initiated manually. It's strange that a company of the caliber of Fireeye would misrepresent this piece of information.

  • In Cybersec it's very hard to make a determination that any hack initiates from a foreign entity. Originating connections can be spoofed, IPs can be tunnelled or forwarded, and server space can be hosted on foreign server farms. About the only way you can truly specify a hack as being foreign in nature is if you ID key individuals perpetrating the attack or observe foreign language or code in binaries and network traffic... even this is tough because if a foreign adversary attacks a US-based asset, it must utilize English to attack a target, so the code would most likely utilize an ASCII character set.

  • CISA stating to shut down Solarwinds Orion is completely unfounded and irresponsible. This guidance is just as overreaching as saying "wear a mask to stop the spread". It doesn't take into account discovery to see if you are even susceptible, sharing how to properly secure Orion servers, or monitoring to actually see if you are compromised. It assumes the lowest common denominator.

The DOMINION/SOLARWINDS Schizo conspiracy

  • I've seen many people stating OMG Dominion uses Solarwinds! They've shown a website with a Dominion logo on it. I've also seen people share a code snippet of HTML from the webpage where they viewed the source. There is an HTML a href in there that points to "www.solarwinds.com". Just so you know... forensically this means nothing. A Solarwinds Orion webpage is very easy to ID. It will contain numerous javascript code blocks, ASP and json. It will also reference the orion.app AngularJS app. I didn't see any of this in that screenshot... and not that it matters. Solarwinds Orion is a valid monitoring product that thousands of private and government orgs use. It means nothing if Dominion used it. (Having a public-facing Solarwinds Orion server, however, could be indicative of bad security practices and of having an attack vector.)

CYBERSEC IS DEAD

The hack of Fireeye is just another example of how liberalism, communism and groupthink has poisoned our country and its open, free, productive mentality. I could go into much much more detail about this... what I've done to measure threats, sort the misinformation, monitor and protect.... but what is the point? I've had C-levels come to me and ask if we should shut down our Orion servers. I told them "no", we are secure and we are monitored, but at the end of the day I can't give them the clear reasons why they should trust me instead of the weaponized news cycle.

At this time I don't know what is happening behind the scenes... nor do I care. We've never dealt with speculation in our industry. People in our industry say POC GTFO. They've even published a bible that embodies that spirit and many of us keep a copy in our library... where we showed the lengths we went to demonstrate proof of concept or get the fuck out.

This spirit is dead. I've asked many people if they've demonstrated proof of concept of the Orion hack and none have. Everyone is taking this at face value... they're trusting Fireeye's analysis, they are trusting CISAs guidance.

NONE of that should be trusted. There are numerous indicators that Fireeye had a multi-layered attack which including phishing and social engineering.... yet everything is being directed to Orion. It stinks to high heaven.

I could guess about what really happened and I have... but I'm mainly sharing this to let all of you know out there... if you're spreading uninformed analysis of this you are just falling prey to the disinformation campaign around it. Many of you don't have a fucking clue what you are even reading... you don't even know how fucking servers work or what's possible. When people in our industry say Russia, or complex threat... its almost always ignorance or disinformation. Very few attacks are complex, most breaches are never published... and if they are its to spread disinformation and misdirect. There is never a good reason to share breach analysis unless you want to misdirect for another purpose.

At the end of the day Solarwinds had someone place a backdoor into their software build. Fireeye is spreading analysis that states that's how they were hacked... the news cycle is spreading it and it's putting hardship on all of us industry insiders whose CEOs, CISOs and partners are breathing down our necks because of the misrepresentation in the news... that's the facts.

What else is new... its par for the course in clown world 2020 when information security has died.

WHAT TO DO IF I'M AN ADMIN

Use that God-given ability that you may have forgotten to use.

  1. Determine what build of Orion you are using. THIS IS THE NUMBER ONE STEP. If you aren't on the published vulnerable builds of Orion... YOU HAVE NOTHING TO WORRY ABOUT. Patch to latest and inform your C-levels or bosses that you are secure.... then perform the normal threat analysis and apply your normal secure policy (CIS TOP 20, AUS DOD, NIST FRAMEWORK). If you aren't securing your servers anyway you need to get better at your job. How's your admin group membership, do you have separation between accounts, is admin authorization mode turned on in UAC? There are so many things and ways you could prevent an attack like this from occurring it's laughable... Do I really believe Fireeye wasn't doing them?

  2. Log on to your Solarwinds Orion server (the core server, not the IIS or SQL server) and install Sysmon on it. In your Sysmon template exclude all the normal Orion binaries (images). You'll blow your sysmon up with normal SNMP polling otherwise. This will allow you to watch if files are making callouts to public IPs. Forward this using a log forwarder to a monitoring server such as Graylog, Elastic, Splunk, etc. Graph it and build alerts on it.... but don't worry too much about it if you made it past number 1.

  3. You should always be analyzing network traffic. No, I don't mean watching alerts.. I mean analyzing streams with Network IDS and stream summary engines. Tools like Zeek should be industry standard, but they aren't.... because this new generation seems to be scared of open source software. With stream summary you can analyze and summarize normal network traffic and you'll know if your Orion server is making a call to a foreign server. Honestly you should know exactly what IPs and subnets your Orion server talks to on a daily basis. You have to preconfigure its SNMP and Log targets so of course you know exactly what it talks to. Fireeye released SNORT rules to watch for the backdoor beacons. I've inspected the rules and honestly they are pretty rudimentary. They have some pretty straightforward domains in them and honestly I think it's a smokescreen and a waste of time, but I went ahead and loaded them into SNORT. I just think it's Fireeye attempting to give credibility to their narrative. There are probably honest people doing honest work at Fireeye and that's probably a natural product of that.

  4. Even if you were running hotfix5 you can compare the file hashes of the published orion dll with the ones seen in the wild that were compromised and see if you had the Sunburst backdoor on your system. My guess is Fireeye is the only one. I've heard of no other groups that had it.

  5. Are you running HIDS? Get an agent on your Orion servers that notifies you of file hash changes. If Fireeye was running HIDS on their Orion server and it was actually the source of the hack they would have known immediately.

  6. The whole "automatic update service" shared in Fireeye's breach report was very concerning. It doesn't exist. Companies at "Fireeye's level" don't make mistakes like that and I can't get over that this was in their report. To apply the Orion backdoor you would have had to obtain the patch from their customer portal and apply it manually.
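An added example, not part of the post above and not Solarwinds or Fireeye code: two of the admin checks from the list (step 4, compare the hash of the Orion DLL on disk against the vendor-published and published-compromised hashes; step 3, summarize a Zeek conn.log and flag any flow from the Orion server to a destination that is not one of its preconfigured SNMP/SQL/log targets) in Python. The DLL file name, the 10.0.5.10 server address, the expected-target table and the conn.log lines are assumptions constructed for the example; the real hash sets come from the vendor advisory and the published IoCs.

```python
import hashlib
import ipaddress
import tempfile
from pathlib import Path

# Assumed name of the Orion DLL being checked; adjust to your install.
ORION_DLL = "SolarWinds.Orion.Core.BusinessLayer.dll"


def sha256_of(path):
    """Stream the file so a large DLL is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_dll(path, vendor_good, published_bad):
    """vendor_good: hashes of the DLL as shipped for your build (from the vendor).
    published_bad: hashes of the backdoored DLL (from the advisory / IoC list).
    A hash in neither set is 'unknown', NOT 'clean': an unexplained binary on the
    Orion server is a finding until someone accounts for it."""
    digest = sha256_of(path)
    if digest in published_bad:
        return "known_bad", digest
    if digest in vendor_good:
        return "clean", digest
    return "unknown", digest


def demo_dll_check():
    """Constructed stand-in files (not real Orion binaries) to exercise the check."""
    good, bad, odd = b"vendor build", b"backdoored build", b"something else"
    vendor_good = {hashlib.sha256(good).hexdigest()}
    published_bad = {hashlib.sha256(bad).hexdigest()}
    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, data in (("good", good), ("bad", bad), ("odd", odd)):
            p = Path(tmp) / label / ORION_DLL
            p.parent.mkdir()
            p.write_bytes(data)
            verdicts[label] = classify_dll(p, vendor_good, published_bad)[0]
    return verdicts  # {'good': 'clean', 'bad': 'known_bad', 'odd': 'unknown'}


# Assumed addresses: the Orion poller and the targets it is configured to talk to.
ORION_SERVER = ipaddress.ip_address("10.0.5.10")
EXPECTED = (
    (ipaddress.ip_network("10.0.0.0/16"), 161, "udp"),    # SNMP polling of managed devices
    (ipaddress.ip_network("10.0.5.11/32"), 1433, "tcp"),  # Orion SQL server
    (ipaddress.ip_network("10.0.9.20/32"), 514, "udp"),   # syslog / log forwarder
)

# Constructed Zeek conn.log excerpt, tab separated as Zeek writes it.
SAMPLE_CONN_LOG = "\n".join("\t".join(r) for r in (
    ("#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto", "service"),
    ("1607900000.1", "C1", "10.0.5.10", "50001", "10.0.3.7", "161", "udp", "snmp"),
    ("1607900001.2", "C2", "10.0.5.10", "50002", "10.0.5.11", "1433", "tcp", "-"),
    ("1607900002.3", "C3", "10.0.5.10", "50003", "203.0.113.45", "443", "tcp", "ssl"),
    ("1607900003.4", "C4", "10.0.5.10", "50004", "203.0.113.45", "443", "tcp", "ssl"),
    ("1607900004.5", "C5", "10.0.2.9", "40000", "10.0.5.10", "443", "tcp", "ssl"),  # inbound, ignored
))


def parse_zeek_tsv(text):
    """Minimal parser for Zeek's default TSV logs: the #fields header names the columns."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def is_expected(dst, port, proto, expected=EXPECTED):
    return any(dst in net and port == p and proto == pr for net, p, pr in expected)


def unexpected_destinations(conn_log, orion=ORION_SERVER, expected=EXPECTED):
    """Count outbound flows from the Orion server to anything not in the expected set."""
    hits = {}
    for row in parse_zeek_tsv(conn_log):
        if ipaddress.ip_address(row["id.orig_h"]) != orion:
            continue
        dst = ipaddress.ip_address(row["id.resp_h"])
        port, proto = int(row["id.resp_p"]), row["proto"]
        if not is_expected(dst, port, proto, expected):
            key = (str(dst), port, proto)
            hits[key] = hits.get(key, 0) + 1
    return hits


if __name__ == "__main__":
    print(demo_dll_check())
    for (dst, port, proto), n in unexpected_destinations(SAMPLE_CONN_LOG).items():
        print(f"Orion server -> {dst}:{port}/{proto}  {n} flow(s) outside the expected set")
```

Run against a real conn.log, the second check is only as good as the expected-target table: build it from the Orion server's configured SNMP nodes, SQL connection string and log forwarding targets rather than from observed traffic, or a beacon that was already present becomes part of the baseline.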

15

Based on clear indicators of election fraud Joe Biden will not become our president. We will not accept him, nor the continued destruction of our country.

If all paths fail us we have one. One we have no wish to take but we will for we were born free and we will die free, along with our sons, daughters, parents, grandparents and spouses.

Those of us who believe in freedom and this country will fight for it. Many politicians and authors of our countries downfall will see their blood paint the streets, the purveyors of filth and lies in Hollywood and the media will have their voices permanently silenced.

Many of you have never seen destruction. The fury will be unimaginable and nothing will prepare you for liberty with wings and a sword.

You have till 1/20 to make this right. You have been warned.

18

Where my cybersec pepes at?

Fireeye, run by Kevin Mandia is a major security contractor.

This company has commented and investigated major political breaches and they were key in spreading the MUH RUSSIA narrative.

They were hacked last week. This week they indirectly blamed the hack on a vulnerability in an application they use, Orion, made by SolarWinds, which is used to read logs and monitor networking device alerts.

Fireeye said this was a highly evasive attack on them most likely performed by a nation state.

In my experience several things are to be noted:

  • usually when somebody states they were attacked by Russia it was an inside job or someone masquerading behind foreign servers, or they are simply making Russia a patsy
  • there is no good reason for a company to share a breach with the public unless public data was compromised
  • usually a breach analysis isn't performed in a weekend and if it is that info certainly isn't made public in that short time
  • Mandia/Fireeye stinks to high heaven, sure they do legit work but parts of this company are severely embroiled in geopolitics
  • everybody in the industry is scrambling to patch their Orion servers... CISA recommended shutting them down (basically impossible for most users), is everybody a target? Probably not... a large purveyor of network security info is /r/netsec, owned by the CCP... its all doom and gloom on there
  • has proof of concept of a backdoor in Orion even been illustrated yet? I haven't seen it (and I've been investigating myself)
  • is SolarWinds a patsy and orion a smokescreen... was Fireeye attacked by someone domestically?
  • Schizo time: if Fireeye and Solarwinds were CCP controlled, wouldn't it be great to do a PR release where a premier security company gets hacked via Orion, spurring everyone to patch Orion only to get a CCP backdoor installed on major corps' monitoring infrastructure around the nation?
  • moar schizo: stories are coming out that other govt agencies have been hacked via Solarwinds, is it possible that Fireeye was used to create a narrative that US ops have been compromised to generate probable cause for war or to play off fake elections?

This entire thing stinks. I've seen these things play out many times. Don't trust much of what you hear concerning this... all is not what it seems.

13

let me be perfectly clear, we are free born Americans and we'll die free.

There is absolutely no point in voting in this fraudulent system. Our politicians failure to defend the constitution, SCOTUS failure to do their duty, election officials failure to do their duty.... are an act of tyranny.

If we fail to act the Republic is dead.

Many of you wore the mask, many of you may take the vax... if you accept this your freedom dies.

The war for freedom starts tonight for those who refuse to die in slavery.

11

-------------------------------------------------- Attorney General Daniel Cameron --------------------------------------------------

Tell AG Cameron to get on board with the other supporting AGs... Web https://ag.ky.gov/Contact-Us/Pages/default.aspx Phone 502-696-5300

---------------------------------------------- US House of Representatives ----------------------------------------------

Tell your state rep to join with the other 106 House reps who are supporting... https://www.govtrack.us/congress/members/KY#representatives Contact your state legislators so they'll begin fighting Gov Beshear in 2021's 1st session https://apps.legislature.ky.gov/findyourlegislator/findyourlegislator.html

----------------------------- Boards of Education and Superintendents ----------------------------

For you Pedes who have school children, you need to make it a point to contact your county/city superintendents and school board members. The Governor is actively threatening them and they need support (those who are based). It's harder to find their info. You'll have to do a bit of searching. Best method is to pull up DuckDuckGo and search for "xxxx board of education" or "xxxx county/city schools", then search those websites for a directory or contact page.

95

If you Kentucky Pedes haven't called your AG... do it today!

Email https://ag.ky.gov/Contact-Us/Pages/default.aspx

Phone 502-696-5300

I recommend DOING BOTH!

15

Attorney General Cameron's line ought to be busy this morning!

FYI a Pede posted a way to get through the phone tree effectively and easily... if they could post that again it'd be much appreciated.

37

9mm handgun - with at least 15 rd capacity 100-200 rounds hollow points 12 gauge shotgun - with at least 5 shell capacity 8 boxes of 00 Buck shot .223/5.56 or .308/7.62x39 automatic rifle - at least 250 rounds

All bases will be covered. Home defense, long range defense/assault and personal defense/light carry.

Local TV stations and Network TV offices?

11

He has literally had a COVID press conference 5 days a week for months where he tells the name of every single person who "died of COVID" in our state.

He was on ABC news radio this morning... their fear porn of the week...

41

When our ancestors fought the American Revolution they risked life and limb and they did it without hiding their faces behind a mask or a keyboard.

At what point does this need to happen? I'm beginning to think that we need this step to save the Republic?

I have no idea how many people are on this site.... 10K? 10K anons is nothing... a 10K strong group of bold unafraid PEOPLE is nothing to laugh at.
