Security Debate 2018 — Hackers vs Security Engineers
Last night (6th Feb, 2018), Meetup Madness Group held a security debate between security engineers and hackers. About 709 tickets were sold, and the event was hosted in the NAB office in Melbourne CBD.
I had the honour of being part of the security engineers aka the blue team panel.
Debate Objective
The objective of the blue team was to propose defence tactics against different scenarios, some of which involved an isolated LTE (4G) network, an Intel zero day, rogue mobile apps, bypassed WAF controls, NSA-level access, etc. As you can imagine, the objective of the Hackers, aka the red team, was to come up with attack scenarios for infiltrating the attack surface.
Blue Team
Ashish Rajan
Julian Berton
Yun Zhi Lin
Cameron Townshend
Red Team
Matt Flannery
Tim Noise
Michael McKinnon
Daniel R.
Moderators
Andrew Dell
Pamela O’Shea, Ph.D.
Silvio Cesare
Annie Lin
Organisers
Stephen Wallace
Brad Hester
Format:
- 4-question debate
- Audience Q&A
- 4-question debate
The audience decides the winner of each question.
Questions
Some of the folks asked me for the questions, and I have asked the moderators for a copy of the full scenario questions. In the meanwhile, I have notes from what I remember of the questions; these are in the order I remember them, not the order in which they were asked. Update: the link to the questions is at the bottom of the article.
- Mobile app that approves/denies a deployment in the CI/CD pipeline (including the production pipeline).
- Intel 0day with 1 week to release date — defend the whole of Australia against it and stop the Kiwi hackers from increasing the value of their sheep coin.
- Product deployed in AWS last year; how will you protect an internet-facing product with no CloudFront or WAF present?
- Someone has already bypassed the WAF using / and ? instead of the * and . that your WAF filter blocked. How would you detect and protect?
- Microservices environment deployed using Kubernetes, with a service available on the internet over HTTP.
- Small company X is being acquired by big company Acme. Security has 2 weeks to merge the two networks into one.
- Isolated network on a 4G network with highly sensitive data — isolated from the regular network.
- University runs a patch management process once per year; it has military-grade projects.
Experience
It was an epic night!
The questions were a mix of extreme scenarios and scenarios that some of us have seen or heard of. Neither team provided perfect answers, but each question was followed by a 30-second team huddle, which forced the teams to come up with interesting out-of-the-box approaches for both attacking and defending a network.
The out-of-the-box ideas, with only 30 seconds to think, highlighted the plethora of experience that both teams brought to the table.
My hope is that some of the ideas discussed gave the audience insight into the kind of defence it is possible to have (before the machine learning cyber war starts).
Result
The blue team won :)
A special shoutout and thank you to everyone who attended and made the event a huge success.
Update: 8 February, 2018 — The questions from both Sydney and Melbourne are available here: https://gist.github.com/hashishrajan/1b605e8d5bca21915fceb6ae1fa4ea2e