If you are wondering what topics could happen at @OSCo , here one possibility.
I will bring a bunch of #cybersecurity themed games.
Including Elevation of Privilege (#EoP), various adaptations like #Cornucopia, Cyber Threat Defender (#CTD), #BackdoorsAndBreaches, and many more.
If you are interested in trying them out, registration for #osco25 is still open.
If you know other games, bring them (or let me know 😁)
#bhis #backdoorsandbreaches #infosec #cybersecurity
Is this a *Board Game*?? That looks fun!
Everyday reminders that I am not "normal" (thank GODS!)🤣
I ran an intro to #backdoorsandbreaches for my managers yesterday. It was all fun and games until after the first round and the “reality” of the scenario kicked in. The mood switch was very real, and it sparked some quality discussion.
Best part is, they wanna do it again.
@hpr Calling all infosec practitioners and those with interest.
I need your help to produce an HPR episode with several of us playing (virtually) Backdoors & Breaches. For any who do not know, B&B is an incident response card game produced by Black Hills Information Security. It is a good tool for tabletop exercises, or just for fun.
Are you interested in being part of this episode? Message me!
#backdoorsandbreaches #hpr #tabletopexercise #incidentresponse
"Are we good?" is a YouTube show where we explore all of the ways we can improve the cyber IR process. Watch here: https://www.youtube.com/playlist?list=PLwrTMgW5kPp_298R61wrv_XQNi6VWjw73
#tabletops #ttx #purpleteaming #drills #processwalkthroughs #seriousgames #backdoorsandbreaches
@simulo @ryanc
Nice. I was looking for something similar.
I played for some time with the idea that there should be a "game" helping development teams doing threat modelling and creating abuse stories (incorporating stalkers and abusive partners)
Something with elements of #EoP and #BackdoorsAndBreaches but with the persona non grata in mind.
Thank you @blackhillsinfosec for such awesome support for the up and coming crowd to cybersecurity. Can't wait to share these with students and run an incident.
The Canadian Centre for Cyber Security has an interesting article on #CybeSecurity #ThreatActors (adversaries) and their motivation.
https://www.cyber.gc.ca/en/guidance/introduction-cyber-threat-environment
The article IMHO leaves out at some threat actors (which might not be that relevant for a commercial or critical infrastructure setting)
while these could be seen as part of insider threats, I believe that their capabilities and opportunities are different from other insiders.
And they are often overlooked when developing consumer products.
Think of the problems with #AirTags or the bike theft "problem" with Strava.
I really like this and are thinking of creating a game around it to raise security awareness (especially within development and designe of systems). #SeriousGames
Idea is to have a collaborative game where you play through threats against your system. Starting with the Threat Actors, their intend, capabilities and opportunities.
Going through techniques used (maybe using a subset of #MitreAttack but also common #SocialEngineering techniques).
And then choosing mitigation and defense options.
A bit of a mixture between #ElevationOfPrivilege/#EoP, #BackdoorsAndBreaches and #FearlessJourney
The Introduction to the Cyber Threat environment provides baseline knowledge about the cyber threat environment, including cyber threat actors and their motivations, techniques and tools.
Claudius Link
Julie Webgirl
DefectiveWings ✈️
Oobleck
scuti🌱
John Helt
Nearshore Cyber
Ceskib