My talk for the BSidesDFW 2014. Unfortunately it didn't turn out quite as originally envisioned, but ended up being a great discussion about incident response preparation & processes.
A Game of Pwns: An Exercise of Exploits & Dice
Me
✦ Incident Responder @GitHub
✦ 10 years Incident Response & Threat Intel Experience
✦ Avid Gamer & GoT Fan….

Schedule
✦ Introduction
✦ Character & Team Setup
✦ Scenarios
✦ After Action
✦ Closing
Introduction
Schedule
✦ Introduction
✦ IR Process
✦ Scenarios
✦ After Action
✦ Closing

Incident Life Cycle

IR Cycle
✦ Preparation
✦ Detection & Analysis
✦ Containment, Eradication, & Recovery
✦ Post Incident Activity
Kill Chain
• Reconnaissance
• Weaponization
• Delivery
• Exploitation
• Local & Network Persistence
• Command & Control
• Actions Over Target
Scenarios
Scenarios: Single Host Compromise
Scenarios
• Reconnaissance
• Weaponization
• Delivery
• Exploitation
• Local & Network Persistence
• Command & Control
• Actions Over Target
Scenarios: Volumetric DDoS
Scenarios: Social Network Compromise
Scenarios: “APT Style” attack
After Action Report
Thanks for playing!
@sroberts & [email protected]