A Game of Pwns

My talk for BSidesDFW 2014. Unfortunately it didn't turn out quite as originally envisioned, but ended up being a great discussion about incident response preparation & processes.

Scott J. Roberts

November 08, 2014

Transcript

  1. A Game of Pwns
    An Exercise of Exploits & Dice

  2. Me
    ✦ Incident Responder @ GitHub
    ✦ 10 years Incident Response & Threat Intel Experience
    ✦ Avid Gamer & GoT Fan…

  3. Schedule
    ✦ Introduction
    ✦ Character & Team Setup
    ✦ Scenarios
    ✦ After Action
    ✦ Closing

  4. Introduction

  5. Schedule
    ✦ Introduction
    ✦ IR Process
    ✦ Scenarios
    ✦ After Action
    ✦ Closing

  6. Incident Lifecycle

  7. IR Cycle
    Preparation
    Detection & Analysis
    Containment, Eradication, & Recovery
    Post Incident Activity

  8. Kill Chain
    • Reconnaissance
    • Weaponization
    • Delivery
    • Exploitation
    • Local & Network Persistence
    • Command & Control
    • Actions Over Target

  9. Scenarios

  10. Single Host Compromise
    Scenarios

  11. Scenarios
    • Reconnaissance
    • Weaponization
    • Delivery
    • Exploitation
    • Local & Network Persistence
    • Command & Control
    • Actions Over Target

  12. Volumetric DDoS
    Scenarios

  13. Scenarios
    • Reconnaissance
    • Weaponization
    • Delivery
    • Exploitation
    • Local & Network Persistence
    • Command & Control
    • Actions Over Target

  14. Social Network Compromise
    Scenarios

  15. Scenarios
    • Reconnaissance
    • Weaponization
    • Delivery
    • Exploitation
    • Local & Network Persistence
    • Command & Control
    • Actions Over Target

  16. “APT Style” attack
    Scenarios

  17. Scenarios
    • Reconnaissance
    • Weaponization
    • Delivery
    • Exploitation
    • Local & Network Persistence
    • Command & Control
    • Actions Over Target

  18. After Action Report

  19. Thanks for playing!

  20. @sroberts
    &
    [email protected]
