$30 off During Our Annual Pro Sale. View Details »

A Game of Pwns

Scott J. Roberts
November 08, 2014
Technology
1
5.1k

A Game of Pwns

My talk for the BSidesDFW 2014. Unfortunately it didn't turn out quite as originally envisioned, but ended up being a great discussion about incident response preparation & processes.

Scott J. Roberts

November 08, 2014
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Homemade Ramen & Threat Intelligence
sroberts
2
410
Introduction to Open Source Security Tools
sroberts
3
4.7k
Building Effective Threat Intelligence Sharing
sroberts
1
92
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
84
Crisis Communication for Incident Response
sroberts
1
260
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3k
Community Intelligence & Open Source Tools
sroberts
5
1k
Responding @ Scale: osquery for Mass Incident Response and Detection
sroberts
1
12k
Hipster DFIR on OSX
sroberts
2
920

Other Decks in Technology

See All in Technology
合宿はいいぞ / Training camp is so good.
okamototakuyasr2
0
120
Parsing case study in Go / Go Conference mini 2023 Winter IN KYOTO
k1low
2
380
re:Invent2023で登場した運用開発用の可視化ツールたちを実際に見てみよう
yoshimi0227
0
360
技術広報経験0のEMがエンジニアブランディングをはじめてみた
coconala_engineer
1
140
AWSに関わる全ての エンジニアへの変革!
ysasago
2
130
CTO of the year 2023ピッチ資料(オーディエンス賞)チューリングCTO青木
aoshun7
0
720
更新”しない”ドキュメント管理 「イミュータブルドキュメントモデル」の実運用
kosui
11
1.5k
AWS re:Invent 2023 わざわざ現地まで行く意味あるの?→ありました
minorun365
PRO
5
1k
Notionへのデータ移行を成功させる5つのポイント - NIFTY Tech Day 2023
niftycorp
0
140
ニフティの過去・現在・未来 - NIFTY Tech Day 2023
niftycorp
0
160
GoのProtocプラグインを活用した効率的な負荷試験戦略 / Efficient Load Testing Strategies Utilizing the Go Protoc Plugin
biwashi
0
120
GPTsによるアシスタント業務の改善
neonankiti
2
290

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
chrisshort
26
45k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
0
2.7k
Three Pipe Problems
jasonvnalue
89
9.3k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
12
1.1k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
240
20k
Facilitating Awesome Meetings
lara
37
5.2k
WebSockets: Embracing the real-time Web
robhawkes
58
6.6k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
33
8.6k
The Brand Is Dead. Long Live the Brand.
mthomps
48
7.5k
Embracing the Ebb and Flow
colly
77
3.9k
Unsuck your backbone
ammeep
660
56k
Building an army of robots
kneath
299
41k

Transcript

  1. A Game of Pwns
    An Exercise of Exploits & Dice

    View Slide

  2. Me
    ✦ Incident Responder @
    GitHub
    ✦ 10 years Incident Response
    & Threat Intel Experience
    ✦ Avid Gamer & GoT Fan….

    View Slide

  3. Schedule
    ✦ Introduction
    ✦ Character & Team Setup
    ✦ Scenarios
    ✦ After Action
    ✦ Closing

    View Slide

  4. Introduction

    View Slide

  5. schedule
    ✦ Introduction
    ✦ IR Process
    ✦ Scenarios
    ✦ After Action
    ✦ Closing

    View Slide

  6. Incident
    LIfeCycle

    View Slide

  7. Preparation
    Detection & Analysis
    Containment, Eradication,
    & Recovery
    Post Incident Activity
    IR Cycle

    View Slide

  8. • Reconissance
    • Weaponization
    • Delivery
    • Exploitation
    • LocaL & Network Persistence
    • Command & Control
    • Actions Over Target
    Kill Chain

    View Slide

  9. Scenarios

    View Slide

  10. Single Host
    Compromise
    Scenarios

    View Slide

  11. Scenarios
    • Reconissance
    • Weaponization
    • Delivery
    • Exploitation
    • LocaL & Network Persistence
    • Command & Control
    • Actions Over Target

    View Slide

  12. Volumetric
    DDoS
    Scenarios

    View Slide

  13. Scenarios
    • Reconissance
    • Weaponization
    • Delivery
    • Exploitation
    • LocaL & Network Persistence
    • Command & Control
    • Actions Over Target

    View Slide

  14. Social
    Network
    Compromise
    Scenarios

    View Slide

  15. Scenarios
    • Reconissance
    • Weaponization
    • Delivery
    • Exploitation
    • LocaL & Network Persistence
    • Command & Control
    • Actions Over Target

    View Slide

  16. “APT Style”
    attack
    Scenarios

    View Slide

  17. Scenarios
    • Reconissance
    • Weaponization
    • Delivery
    • Exploitation
    • LocaL & Network Persistence
    • Command & Control
    • Actions Over Target

    View Slide

  18. After Action
    Report

    View Slide

  19. Thanks for
    playing!

    View Slide

  20. @sroberts
    &
    [email protected]

    View Slide