Day 7 – Day of Shecurity

On February 22nd, our CEO (O’Shea Bowens) had the opportunity to attend the Day of Shecurity and lead a workshop “Blue Teaming For Fun and The Sake Of Your Organization- An Attack & Breach Scenario”. O’Shea shares the highlights of this event below.

“Throughout the Day of Shecurity, I had the pleasure of attending insightful presentations and meeting women in the field of cyber security, which was an awesome experience. As I listened to these amazing women, I realized that the future of information security must have more representation from women. This won’t come via passively hoping and waiting, but instead will require both men and women to actively push for the advancement of women in security (alike to the mission of more representation from African Americans in the field).

My time at Day of Shecurity was split between speed mentoring and leading a workshop focused on the incident response life-cycle. Let’s start with the speed mentoring session.

Speed Mentoring

The speed mentoring consisted of two groups, mentee’s and mentors. The mentees would rotate between mentors every fifteen minutes. During the speed mentoring session, I met some amazing women, including those transitioning into cyber security from other careers and college graduates. Both groups were eager to share why cyber security was their career of choice and it was clearly evident from our conversations how passionate these women were for tackling complex problems and contributing to the growth of women in cyber.

Incident Life-cycle Workshop

The second part of my day was spent leading a workshop with two women in cyber security, Jorie Labonte and Sarah Gibson. The purpose of the workshop was to introduce application, incident response, and incident management to showcase the reality of the incident response life cycle. As there have been numerous presentations at conferences that focus on application security and incident response, I wanted to try something a little different (so I did). Simply put, the workshop flow was as follows.

  1. Mock application with vulnerable php code that allows Local File Inclusion (LFI) vulnerability.
  2. Leverage FLI to upload a remote access tool(RAT), I used “Pupy” for this workshop.
  3. Create backdoor on Apache box
  4. Demonstrate #IR techniques to detect C2 communications, persistence mechanisms, and track file uploads
  5. How to manage an incident for management and C-Level

Application Security:

  • Introduction to application security basics and possibly share daily duties and a bit about yourself to participants
  • Discuss and demonstrate attack phases of a vulnerable web application
  • Scanning
  • Attack – OWASP Top 20
  • Pawnage Verification
  • Vulnerable php code snippet:

vuln-payloadphpvuln

Incident Response

  • Introduction to #IR
  • #IR life-cycle brief discussion
  • Demonstrate stages of #IR for web application attacks
  • Ensure remediation and recovery are verifiable

 

Pupy

https://github.com/n1nj4sec/pupy

 

Incident Management

  • Introduction of incident management
  • Communication styles during breach scenarios
  • How to ensure cool heads prevail e.g. updating incident status with C-Level & board of directors
  • Identifying items of interest for investigation
  • Sharing of breach artifacts with partners and third parties

In closing, I truly enjoyed the conference and thought it was well organized.  All parties involved with bringing the event to Boston deserve a hug and handshake. Huge shout-out to Deidre Diamond, Kyle Kennedy, Devon Byran for putting this together. Massive shout-out to Jorie Labonte and Sarah Gibson for working with me and making our workshop an amazing experience.

https://www.dayofshecurity.com/sessions/

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s