Decompiling the SolarWinds Orion software with the embedded SUNBURST backdoor use to hack nearly the entire Gov, first thing I find: <enforceFIPSPolicy enabled="false"/>
So the US Government is running software with FIPS disabled? Isn't that a violation of a Number of Laws? pic.twitter.com/hlb6qpxGYY— President-Elect Alexander Higgins (@kr3at) December 15, 2020
Note to self: Wide open web service running on port 17777 on localhost. @CodeMonkeyZ This could be a candidate for #DominionVotingSystems forensic audits. pic.twitter.com/XkW4yPLcYl— President-Elect Alexander Higgins (@kr3at) December 15, 2020
He nothing like the most secure election ever running servers with DB Admin permissions and execute permission on dynamic sql. Yeah! And Nevermind DLL indexing on dbm_TimeSerieLegacyDDL. Misspelled table name, also called legacy. What could be wrong there? pic.twitter.com/bemSKCfbmR— President-Elect Alexander Higgins (@kr3at) December 15, 2020
Hey look. Solaris is Security Minded after all. They have library to prevent against Cross Site Scripting Attacks. But oops. That's pretty ancient Web sure has changed alot since 2012 (don't mind that modified date): https://t.co/Q4RT7GqwNu) This library also has security issues. pic.twitter.com/7sCf7y7aUn— President-Elect Alexander Higgins (@kr3at) December 15, 2020
Another ancient library: Antlr3. I wonder what they need for this is? Hope it is for straight grammar parsing and not dynamic code generation. This version going back to 2012 also has many well-known vulnerabilities. https://t.co/q5JVWoTVYD
Source Code : https://t.co/sOIA6haUgW— President-Elect Alexander Higgins (@kr3at) December 15, 2020
And here is the APM (typically stands for App manager) admin Url: /Orion/APM/Admin.sitemap
Wonder if the legacies url still works: /Orion/APM/Admin/Default.aspx
Should definitely test these on #DominionVotingSystems machines to make sure they aren't open. pic.twitter.com/UsMGKnU5en— President-Elect Alexander Higgins (@kr3at) December 15, 2020
Peter Navarro Election Report (36 pages pdf)
https://bannonswarroom.com/wp-content/uploads/2020/12/The-Immaculate-Deception-12.15.20-1.pdf