Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How GitHub Uses GitHub to Defend GitHub
Search
Scott J. Roberts
February 24, 2014
Technology
3
300
How GitHub Uses GitHub to Defend GitHub
A talk I gave for a closed conference right around RSA 2014.
Scott J. Roberts
February 24, 2014
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
Homemade Ramen & Threat Intelligence
sroberts
2
430
Introduction to Open Source Security Tools
sroberts
3
4.7k
Building Effective Threat Intelligence Sharing
sroberts
1
100
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
95
Crisis Communication for Incident Response
sroberts
1
290
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3.1k
Community Intelligence & Open Source Tools
sroberts
5
1.1k
Responding @ Scale: osquery for Mass Incident Response and Detection
sroberts
1
12k
Hipster DFIR on OSX
sroberts
2
950
Other Decks in Technology
See All in Technology
NgRx Signal Store
rainerhahnekamp
0
110
SREとその組織類型
tatsuo48
8
1.5k
Databricks における 『MLOps』
databricksjapan
2
140
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
3
780
Databricks におけるデータエンジニアリング
databricksjapan
0
370
株式会社EventHub・エンジニア採用資料
eventhub
0
1.9k
Microsoft Cloudで開発ライフサイクルを保護する
kkamegawa
0
140
Apple Vision Pro trial session
akkeylab
0
120
Janus
bkuhlmann
1
490
**強い**エンジニアのなり方 - フィードバックサイクルを勝ち取る / grow one day each day
soudai
61
18k
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
700
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
170
Featured
See All Featured
Building an army of robots
kneath
300
41k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
321
20k
Optimizing for Happiness
mojombo
370
69k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
Ruby is Unlike a Banana
tanoku
96
10k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
GitHub's CSS Performance
jonrohan
1023
450k
Creatively Recalculating Your Daily Design Routine
revolveconf
209
11k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
356
22k
Building a Scalable Design System with Sketch
lauravandoore
455
32k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
273
13k
How to Ace a Technical Interview
jacobian
272
22k
Transcript
! To Defend Scott J Roberts Bad Guy Catcher Uses
How
this isn’t a sales pitch… but it is about using
GitHub the product
Our Goals • Use current tools & paradigms • Fast
• Secure • Transparent to coworkers
We live on GitHub (shocking!) • Writing code • Writing
documentation • Having long running collaborative discussions • So why not incident response?
Our Incident Process • Create an incident name • Create
an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it
Create an incident name • Two word names • First
word is “actor” - to the extent we know • Second word is the incident • Initials should be unique
Create an “Incident Branch”
Add Incident Template
Our Templates
Our Templates
Git Add, Commit, & Push
Open a Pull Request
Open a Pull Request
“Run it down”
“Run it down” • Using the Pull Request workflow for
IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States
Finalize and Merge
it • We share GitHub security incidents with all Hubbers
• This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust
Quick Review 1. Create a branch 2. Add & fill
out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge
Wake Up, Go T o War