INSECT INVASION TABLETOP GAME
THE STORY SO FAR
Brood X, Inc. is a Virginia-based company founded in 2003 as a
cloud-based SaaS that facilitates the real-time sharing, review,
annotation, and modeling of entomological data. The Brood X web
portal allows scientists and members of the general public to share
information, collaborate on uploaded data, securely share and
compare data, and visualize information on the fly.
Currently, Brood X is exclusively U.S.-based, with most users being
colleges, universities, and independent scholars who probably need
to get out of their offices more often than once every 17 years or
so.
This summer is the moment Brood X has been waiting for. The
cicadas are coming, and, for the sake of Brood X’s upcoming IPO,
Brood X had better be ready.
All Brood X data is held in their VPC in AWS US-East 1. Brood X uses
AWS GuardDuty and Falco to detect intrusions. They use runtime
monitoring software and AWS Inspector to detect potential
vulnerabilities. Scans are run daily to check for vulnerabilities in virtual
machines and containers. CloudWatch and CloudTrail are used as
anti-exfiltration measures. They use AWS WAF for protecting their
web-based systems and AWS API Gateway for the APIs that they
make available to researchers. Configuration management is done
through AWS Config.
THE OTHER PLAYERS
Brave Tailor Security
Brood X is overly smug about what they consider to be their
impenetrable AWS fortress. Their angel investors, however, are not.
As part of their pre-IPO maturity assessment, Brood X has hired BTS
for a pentest engagement.
BTS’s goal is to find the most likely attack vector or vectors and
report back to Brood X. BTS has a total of two weeks and cannot
significantly disrupt end user access, though they are allowed to test
without notifying BTS as to exactly when they will do so.
The Bugsuckers
The Bugsuckers are a loosely-connected group of amateur
entomologists that believes that insect research should be as free as
a cicada on the wind.
The Bugsuckers’ goal is to exfiltrate the research data uploaded to
the Brood X portal and leak it onto the World Wide Web. They have
been planning their move for about six months now, and would like
to be ready to fly as soon as all the buzz begins this summer.
Brood Y, Inc.
Brood Y is a direct competitor of Brood X, founded several years
after Brood X. Brood Y’s goal is to make Brood X look bad, and they are
offering “bug bounties” to anyone who can make that happen. This
can be in terms of security, service, or just plain old scandal. The
“bug bounties” have only been offered for about one month.
RED TEAM RULES
• This time, red goes first.
• BTS, the Bugsuckers, and Brood Y are each a separate red team.
• Each red team gets one move.
• A “move” is a discrete action that each red team will take to further their specific goal.
• Moves can be any action that the team can reasonably argue would help them reach their objective. Moves might include, but are not limited to: open port scans, social engineering, phishing emails, fuzzing, or hamster dancing.
• Moves must include:
  (1) A description of the action taken
  (2) How long that action will take
  (3) When the team began taking that action
Image credit Misty View @cheatlines https://www.instagram.com/cheatlines/
BLUE TEAM RULES
This time, blue is responding to the red attacks.
• Blue gets one counter move to each red team’s move.
• A “move” is a discrete action that each red team will take to defend or mitigate. Moves can be any action that the team can reasonably argue would help them reach their objective.
• Moves might include, but are not limited to: patching, employee training, calling Legal, purchasing new security software, or deploying kittens into your office production environment.
• Moves must include:
  (1) A description of how you learned about each red team’s action
  (2) A description of the action the blue team is taking in response
  (3) How long that action will take
  (4) When the team began taking that action
