Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How GitHub Uses GitHub to Defend GitHub

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Scott J. Roberts Scott J. Roberts
February 24, 2014
Technology
3
340

How GitHub Uses GitHub to Defend GitHub

A talk I gave for a closed conference right around RSA 2014.

Avatar for Scott J. Roberts

Scott J. Roberts

February 24, 2014
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
LLM SATs FTW
Avatar for Scott J. Roberts sroberts
0
1.1k
STRAT - A System-Centric Approach to Cyber Resilience
Avatar for Scott J. Roberts sroberts
0
62
Tortured Responders Dept - Scott & Rebekah's Edition
Avatar for Scott J. Roberts sroberts
0
150
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Avatar for Scott J. Roberts sroberts
0
170
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
Avatar for Scott J. Roberts sroberts
0
100
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
Avatar for Scott J. Roberts sroberts
0
94
Homemade Ramen & Threat Intelligence
Avatar for Scott J. Roberts sroberts
2
590
Introduction to Open Source Security Tools
Avatar for Scott J. Roberts sroberts
3
5k
Building Effective Threat Intelligence Sharing
Avatar for Scott J. Roberts sroberts
1
130

Other Decks in Technology

See All in Technology
製造業ドメインにおける LLMプロダクト構築: 複雑な文脈へのアプローチ
Avatar for recruiting@caddi.jp caddi_eng
1
540
vLLM Community Meetup Tokyo #3 オープニングトーク
Avatar for jpishikawa jpishikawa
0
230
20260305_【白金鉱業】分析者が地理情報を武器にするための軽量なアドホック分析環境
Avatar for Yuya Kaneta yucho147
2
210
GitLab Duo Agent Platform + Local LLMサービングで幸せになりたい
Avatar for jyoshise jyoshise
0
200
LINE Messengerの次世代ストレージ選定
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
19
7.6k
新職業『オーケストレーター』誕生 — エージェント10体を同時に回すAgentOps
Avatar for Gunther Brunner gunta
4
1.7k
元エンジニアPdM、IDEが恋しすぎてCursorに全業務を集約したら、スライド作成まで爆速になった話
Avatar for "doiko" chiaki_yamaguchi doiko123
1
510
AWSをCLIで理解したい! / I want to understand AWS using the CLI
Avatar for める mel_27
2
240
「Blue Team Labs Online」入門 - みんなで挑むログ解析バトル
Avatar for Noriaki Hayashi v_avenger
0
130
モブプログラミング再入門 ー 基本から見直す、AI時代のチーム開発の選択肢 ー / A Re-introduction of Mob Programming
Avatar for TAKAKING22 takaking22
5
900
Kaggleの経験が実務にどう活きているか / kaggle_findy
Avatar for Sansan R&D sansan_randd
7
1.3k
タスク管理も1on1も、もう「管理」じゃない ― KiroとBedrock AgentCoreで変わった"判断の仕事"
Avatar for Yusuke Shimizu yusukeshimizu
5
2.1k

Featured

See All Featured
How To Speak Unicorn (iThemes Webinar)
Avatar for Michelle Schulp Hunt marktimemedia
1
400
AI in Enterprises - Java and Open Source to the Rescue
Avatar for ivargrimstad ivargrimstad
0
1.2k
Code Review Best Practice
Avatar for Trisha Gee trishagee
74
20k
Heart Work Chapter 1 - Part 1
Avatar for Lake Fama lfama
PRO
5
35k
New Earth Scene 8
Avatar for Sydney Stone popppiees
1
1.7k
We Analyzed 250 Million AI Search Results: Here's What I Found
Avatar for Josh Blyskal joshbly
1
910
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
A Guide to Academic Writing Using Generative AI - A Workshop
Avatar for Kenji Saito ks91
PRO
0
230
Tips & Tricks on How to Get Your First Job In Tech
Avatar for Honza Javorek honzajavorek
0
450
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
Avatar for soudai sone soudai
PRO
62
51k
End of SEO as We Know It (SMX Advanced Version)
Avatar for Michael King ipullrank
3
4.1k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
2.4k

Transcript

  1. ! To Defend Scott J Roberts Bad Guy Catcher Uses

    How

  2. this isn’t a sales pitch… but it is about using

    GitHub the product

  3. Our Goals • Use current tools & paradigms • Fast

    • Secure • Transparent to coworkers

  4. We live on GitHub (shocking!) • Writing code • Writing

    documentation • Having long running collaborative discussions • So why not incident response?

  5. Our Incident Process • Create an incident name • Create

    an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it

  6. Create an incident name • Two word names • First

    word is “actor” - to the extent we know • Second word is the incident • Initials should be unique

  7. Create an “Incident Branch”

  8. Add Incident Template

  9. Our Templates

  10. Our Templates

  11. Git Add, Commit, & Push

  12. Open a Pull Request

  13. Open a Pull Request

  14. “Run it down”

  15. “Run it down” • Using the Pull Request workflow for

    IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States

  16. Finalize and Merge

  17. it • We share GitHub security incidents with all Hubbers

    • This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust

  18. Quick Review 1. Create a branch 2. Add & fill

    out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge

  19. Wake Up,
 Go T o War