A Game of Pwns

My talk for BSidesDFW 2014. Unfortunately it didn't turn out quite as originally envisioned, but ended up being a great discussion about incident response preparation & processes.

Scott J. Roberts

November 08, 2014

Transcript

  1. A Game of Pwns An Exercise of Exploits & Dice

  2. Me ✦ Incident Responder @ GitHub ✦ 10 years Incident Response & Threat Intel Experience ✦ Avid Gamer & GoT Fan….
  3. Schedule ✦ Introduction ✦ Character & Team Setup ✦ Scenarios ✦ After Action ✦ Closing
  4. Introduction

  5. Schedule ✦ Introduction ✦ IR Process ✦ Scenarios ✦ After Action ✦ Closing
  6. Incident Lifecycle

  7. IR Cycle • Preparation • Detection & Analysis • Containment, Eradication, & Recovery • Post Incident Activity
  8. Kill Chain • Reconnaissance • Weaponization • Delivery • Exploitation • Local & Network Persistence • Command & Control • Actions Over Target
  9. Scenarios

  10. Single Host Compromise Scenarios

  11. Scenarios • Reconnaissance • Weaponization • Delivery • Exploitation • Local & Network Persistence • Command & Control • Actions Over Target
  12. Volumetric DDoS Scenarios

  13. Scenarios • Reconnaissance • Weaponization • Delivery • Exploitation • Local & Network Persistence • Command & Control • Actions Over Target
  14. Social Network Compromise Scenarios

  15. Scenarios • Reconnaissance • Weaponization • Delivery • Exploitation • Local & Network Persistence • Command & Control • Actions Over Target
  16. “APT Style” attack Scenarios

  17. Scenarios • Reconnaissance • Weaponization • Delivery • Exploitation • Local & Network Persistence • Command & Control • Actions Over Target
  18. After Action Report

  19. Thanks for playing!

  20. @sroberts & sroberts@github.com