Upgrade to Pro — share decks privately, control downloads, hide ads and more …

A Game of Pwns

Scott J. Roberts
November 08, 2014
Technology
1
5.2k

A Game of Pwns

My talk for the BSidesDFW 2014. Unfortunately it didn't turn out quite as originally envisioned, but ended up being a great discussion about incident response preparation & processes.

Scott J. Roberts

November 08, 2014
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
94
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
67
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
31
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
23
Homemade Ramen & Threat Intelligence
sroberts
2
490
Introduction to Open Source Security Tools
sroberts
3
4.8k
Building Effective Threat Intelligence Sharing
sroberts
1
110
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
110
Crisis Communication for Incident Response
sroberts
1
320

Other Decks in Technology

See All in Technology
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
940
適材適所の技術選定 〜GraphQL・REST API・tRPC〜 / Optimal Technology Selection
kakehashi
1
150
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
380
フルカイテン株式会社 採用資料
fullkaiten
0
40k
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
3
180
OCI Vault 概要
oracle4engineer
PRO
0
9.7k
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
複雑なState管理からの脱却
sansantech
PRO
1
130
TypeScript、上達の瞬間
sadnessojisan
46
13k
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
170
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
570

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
It's Worth the Effort
3n
183
27k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
10 Git Anti Patterns You Should be Aware of
lemiorhan
654
59k
Six Lessons from altMBA
skipperchong
27
3.5k
What's new in Ruby 2.0
geeforr
343
31k
RailsConf 2023
tenderlove
29
900
Practical Orchestrator
shlominoach
186
10k
Building Adaptive Systems
keathley
38
2.3k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
Become a Pro
speakerdeck
PRO
25
5k
Making the Leap to Tech Lead
cromwellryan
133
8.9k

Transcript

  1. A Game of Pwns An Exercise of Exploits & Dice

  2. Me ✦ Incident Responder @ GitHub ✦ 10 years Incident

    Response & Threat Intel Experience ✦ Avid Gamer & GoT Fan….

  3. Schedule ✦ Introduction ✦ Character & Team Setup ✦ Scenarios

    ✦ After Action ✦ Closing

  4. Introduction

  5. schedule ✦ Introduction ✦ IR Process ✦ Scenarios ✦ After

    Action ✦ Closing

  6. Incident LIfeCycle

  7. Preparation Detection & Analysis Containment, Eradication, & Recovery Post Incident

    Activity IR Cycle

  8. • Reconissance • Weaponization • Delivery • Exploitation • LocaL

    & Network Persistence • Command & Control • Actions Over Target Kill Chain

  9. Scenarios

  10. Single Host Compromise Scenarios

  11. Scenarios • Reconissance • Weaponization • Delivery • Exploitation •

    LocaL & Network Persistence • Command & Control • Actions Over Target

  12. Volumetric DDoS Scenarios

  13. Scenarios • Reconissance • Weaponization • Delivery • Exploitation •

    LocaL & Network Persistence • Command & Control • Actions Over Target

  14. Social Network Compromise Scenarios

  15. Scenarios • Reconissance • Weaponization • Delivery • Exploitation •

    LocaL & Network Persistence • Command & Control • Actions Over Target

  16. “APT Style” attack Scenarios

  17. Scenarios • Reconissance • Weaponization • Delivery • Exploitation •

    LocaL & Network Persistence • Command & Control • Actions Over Target

  18. After Action Report

  19. Thanks for playing!

  20. @sroberts & [email protected]