I *love* incident response stories

*love*

@nerdiosity's talk is so good

#BSides #BSidesVI #infosec

@fsnk @nerdiosity

I'll have a doozy of a story for ya in a few days hopefully because the details are still unfolding!

It involves an unknown, completely undiscovered zero day in #Citrix #Netscaler that allowed complete session takeover to happen. Then the ninjas came...just kidding, no ninjas. Instead of ninjas insert 6 analysts and 5 sleepless nights, which is pretty close.

More at 11 on this breaking story!

@fsnk
It was a really good talk!
@nerdiosity took my incident response list from 3 to 11 items!

The only one not covered was "don't panic, go make a cup of tea" that I got taught by @leifnixon a long time ago in introduction to incident response for sysadmins.

(The other two were "bring in appropriate people" and "have backups that you can restore")

@maswan @fsnk @leifnixon
I’m a tea drinker! I can’t believe I missed that one! 😂
@nerdiosity
The rationale was roughly that the instant stress response to seeing your systems compromised is more likely to make you make destructive mistakes than taking 15 minutes longer to respond with a bit of calmer thought behind it.
@fsnk @leifnixon
@maswan @nerdiosity @fsnk Sometimes I use the alternative phrasing "STEP AWAY FROM THE KEYBOARD! DO IT NOW!", but the cup of tea version is nicer.