Incident Response – Practicing and Gamification
I recently published a video on YouTube on the aspect of practicing Incident Response scenarios, applying elements of gamification and planning out how we can plan to prepare against dealing with the different scenarios.
The video can be found here:
The lists of scenarios are included for your convenience in this post:
- Large number of requests kills the webserver
- License keys are being brute forced
- Our product is spread unlocked on the Internet
- News outlet calls and claims there has been a leak
- Too liberal privileges causing accidents to break our systems
- Third-party tool installed and it contains malware now or later
- Someone gets access to GitHub and ransoms our repositories
- Our database is encrypted, and we will lose some data from restoring the backups
- Intruder already having access and us not knowing
- Access to developer computer through local port used for developing local server
- Our database backups could be deleted during ransomware attack
- Access to company Azure account and deletes all of our infrastructure
- Attacker already has access to our systems and is waiting for the right time to exploit them
- Internal/external Bob trying to exfiltrate PII data. (blast radius, reach of permissions, etc..)
- IDE plugin used to attack developer environment (e.g. for VS Code, Eclipse, NetBeans, Visual Studio)
- Identity theft and exploitations of it, access to personal data
- We set up MFA on something, lose a phone, and suddenly can’t get back into it.
More generic scenarios include:
- Worm Infection
- Windows Intrusion
- Unix/Linux Intrusion
- DDOS
- Malicious Network Behavior
- Website Defacement
- Windows Malware Detection
- Blackmail
- Smartphone Malware
- Social Engineering
- Information Leakage
- Insider Abuse
- Phishing
- Scam
- Trademark Infringement
- Ransomware
- AD network compromise
- SEO poisoning
- Web-server hacking attempt
- Web-server break-in (RCE)
Watch the video on tips on how to practice these scenarios. Enjoy!