Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How GitHub Uses GitHub to Defend GitHub
Search
Scott J. Roberts
February 24, 2014
Technology
3
340
How GitHub Uses GitHub to Defend GitHub
A talk I gave for a closed conference right around RSA 2014.
Scott J. Roberts
February 24, 2014
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
760
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
39
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
120
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
130
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
82
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
75
Homemade Ramen & Threat Intelligence
sroberts
2
570
Introduction to Open Source Security Tools
sroberts
3
5k
Building Effective Threat Intelligence Sharing
sroberts
1
120
Other Decks in Technology
See All in Technology
サブドメインテイクオーバー事例紹介と対策について
mikit
16
7.5k
決済システムの信頼性を支える技術と運用の実践
ykagano
0
120
DMMの検索システムをSolrからElasticCloudに移行した話
hmaa_ryo
0
370
書籍『実践 Apache Iceberg』の歩き方
ishikawa_satoru
1
480
AIで急増した生産「量」の荒波をCodeRabbitで乗りこなそう
moongift
PRO
0
580
CLIPでマルチモーダル画像検索 →とても良い
wm3
2
810
Copilotの精度を上げる!カスタムプロンプト入門.pdf
ismk
9
1.8k
激動の2025年、Modern Data Stackの最新技術動向
sagara
0
930
こんな時代だからこそ! 想定しておきたい アクセスキー漏洩後のムーブ
takuyay0ne
3
230
累計5000万DLサービスの裏側 – LINEマンガのKotlinで挑む大規模 Server-side ETLの最適化
ldf_tech
0
190
Data & AIの未来とLakeHouse
ishikawa_satoru
0
190
ソースコードを読むときの思考プロセスの例 ~markdownのレンダリング方法を知りたかった2 markdownパッケージ~
sat
PRO
0
100
Featured
See All Featured
Rails Girls Zürich Keynote
gr2m
95
14k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
31
2.7k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
253
22k
How to Think Like a Performance Engineer
csswizardry
27
2.2k
Being A Developer After 40
akosma
91
590k
A better future with KSS
kneath
239
18k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
Music & Morning Musume
bryan
46
6.9k
Documentation Writing (for coders)
carmenintech
76
5.1k
Six Lessons from altMBA
skipperchong
29
4k
A Tale of Four Properties
chriscoyier
161
23k
Transcript
! To Defend Scott J Roberts Bad Guy Catcher Uses
How
this isn’t a sales pitch… but it is about using
GitHub the product
Our Goals • Use current tools & paradigms • Fast
• Secure • Transparent to coworkers
We live on GitHub (shocking!) • Writing code • Writing
documentation • Having long running collaborative discussions • So why not incident response?
Our Incident Process • Create an incident name • Create
an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it
Create an incident name • Two word names • First
word is “actor” - to the extent we know • Second word is the incident • Initials should be unique
Create an “Incident Branch”
Add Incident Template
Our Templates
Our Templates
Git Add, Commit, & Push
Open a Pull Request
Open a Pull Request
“Run it down”
“Run it down” • Using the Pull Request workflow for
IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States
Finalize and Merge
it • We share GitHub security incidents with all Hubbers
• This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust
Quick Review 1. Create a branch 2. Add & fill
out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge
Wake Up, Go T o War
sroberts
mikit
ykagano
hmaa_ryo
ishikawa_satoru
moongift
wm3
ismk
sagara
takuyay0ne
ldf_tech
sat
gr2m
bluesmoon
lynnandtonic
smashingmag
csswizardry
akosma
kneath
sugarenia
bryan
carmenintech
skipperchong
chriscoyier
