Upgrade to Pro — share decks privately, control downloads, hide ads and more …

A Game of Pwns

Scott J. Roberts
November 08, 2014
Technology
1
5k

A Game of Pwns

My talk for the BSidesDFW 2014. Unfortunately it didn't turn out quite as originally envisioned, but ended up being a great discussion about incident response preparation & processes.

Scott J. Roberts

November 08, 2014
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Homemade Ramen & Threat Intelligence
sroberts
2
390
Introduction to Open Source Security Tools
sroberts
3
4.6k
Building Effective Threat Intelligence Sharing
sroberts
1
88
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
73
Crisis Communication for Incident Response
sroberts
1
250
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3k
Community Intelligence & Open Source Tools
sroberts
5
1k
Responding @ Scale: osquery for Mass Incident Response and Detection
sroberts
1
12k
Hipster DFIR on OSX
sroberts
2
900

Other Decks in Technology

See All in Technology
KEDAによるイベント駆動ジョブスケール / Event-driven job scale by KEDA
kohbis
2
160
組織一丸となってカスタマーサクセスを実現するための取り組みと悩み
zakiyama
0
140
Exadata Database Cloud (Exadata Cloud Service) サービス技術詳細
oracle4engineer
PRO
0
29k
Head toward Java 20 and Java 21
line_developers
PRO
0
340
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
0
120
Princess APIのAPIクライアントをTypeScriptで作ってnpmで公開してみた
ohmori_yusuke
1
510
DMMオンラインサロン エンジニア採用資料/ for-software-engineers
onlinesalon
0
2.3k
[DevDojo] 成功するスクラムチームとは
mercari
PRO
0
110
Data-Centric AIのためのベンチマーク
x_ttyszk
1
590
よくわかるフォルシアのエンジニア 旅行プラットフォーム部編
forcia_dev_pr
0
150
どうしてもcgoから逃げられなくなったあなたに知ってほしいcgoの使い方入門
sakiengineer
1
1k
dx_osarai_about_connection
hatahata021
0
140

Featured

See All Featured
Large-scale JavaScript Application Architecture
addyosmani
500
110k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.5k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
46
15k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
217
21k
The MySQL Ecosystem @ GitHub 2015
samlambert
240
11k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
33
21k
It's Worth the Effort
3n
179
26k
YesSQL, Process and Tooling at Scale
rocio
158
13k
The Pragmatic Product Professional
lauravandoore
22
3.8k
How to name files
jennybc
51
80k
Designing on Purpose - Digital PM Summit 2013
jponch
108
6k
Debugging Ruby Performance
tmm1
68
11k

Transcript

  1. A Game of Pwns
    An Exercise of Exploits & Dice

    View Slide

  2. Me
    ✦ Incident Responder @
    GitHub
    ✦ 10 years Incident Response
    & Threat Intel Experience
    ✦ Avid Gamer & GoT Fan….

    View Slide

  3. Schedule
    ✦ Introduction
    ✦ Character & Team Setup
    ✦ Scenarios
    ✦ After Action
    ✦ Closing

    View Slide

  4. Introduction

    View Slide

  5. schedule
    ✦ Introduction
    ✦ IR Process
    ✦ Scenarios
    ✦ After Action
    ✦ Closing

    View Slide

  6. Incident
    LIfeCycle

    View Slide

  7. Preparation
    Detection & Analysis
    Containment, Eradication,
    & Recovery
    Post Incident Activity
    IR Cycle

    View Slide

  8. • Reconissance
    • Weaponization
    • Delivery
    • Exploitation
    • LocaL & Network Persistence
    • Command & Control
    • Actions Over Target
    Kill Chain

    View Slide

  9. Scenarios

    View Slide

  10. Single Host
    Compromise
    Scenarios

    View Slide

  11. Scenarios
    • Reconissance
    • Weaponization
    • Delivery
    • Exploitation
    • LocaL & Network Persistence
    • Command & Control
    • Actions Over Target

    View Slide

  12. Volumetric
    DDoS
    Scenarios

    View Slide

  13. Scenarios
    • Reconissance
    • Weaponization
    • Delivery
    • Exploitation
    • LocaL & Network Persistence
    • Command & Control
    • Actions Over Target

    View Slide

  14. Social
    Network
    Compromise
    Scenarios

    View Slide

  15. Scenarios
    • Reconissance
    • Weaponization
    • Delivery
    • Exploitation
    • LocaL & Network Persistence
    • Command & Control
    • Actions Over Target

    View Slide

  16. “APT Style”
    attack
    Scenarios

    View Slide

  17. Scenarios
    • Reconissance
    • Weaponization
    • Delivery
    • Exploitation
    • LocaL & Network Persistence
    • Command & Control
    • Actions Over Target

    View Slide

  18. After Action
    Report

    View Slide

  19. Thanks for
    playing!

    View Slide

  20. @sroberts
    &
    [email protected]

    View Slide