they loved it. im doing this format from now on for every tabletop i ever do.
-
RE: https://mastodon.social/@Viss/116240791835934578
they loved it.
im doing this format from now on for every tabletop i ever do.
telling them halfway through "oh no, this is real. go look at your logs. go look at your telemetry. its there"
their eyes get to be the size of dinner plates.
completely different story when you make them get out of the chair and go do stuff in meatspace.
fucking awesome, 500/10. would tabletop again.
@Viss so you pivoted from a tabletop to a surprise pentest?
-
@Viss Real logs and actions are what get the analysts to click instead of just the incident managers / commanders.
-
@Viss Maybe "click" isn't the right word but I think you know what I meant.
-
@Viss Did a lot of these in DOD. Sometimes in the role of my real job, sometimes playing other roles like SECDEF etc. Ultimately in the big exercises the injects often lead to worst case scenario and everybody dies in the end...
-
@Nonya_Bidniss heh, the stakes were considerably lower in this exercise - but one of yours sounds like it would be a fun one to do and/or play in!

-
@cR0w oh that was the consensus at the end. im nudging them for a testimonial i can stick on the site

but everyone in the room was like "yes, having it go to physical - having a real thing to go chase down? that was absolutely awesome"
-
sounds outstanding! nice!
@paul_ipv6 i think it went really well, and im gonna lean into advertising these things more. they're super fun to do and everyone seems to love em
-
@Viss thats awesome Dan. Well done.
@h2onolan thanks dude

-
@Viss I keep wanting to do that with TTXs but don't have the authority to make it happen.

-
the most popular classes and tutorials i did have folks doing labs and poking on their own machines. things stick better learned that way.
-
@cR0w wanna rope me in?

-
@Viss Ha! I can't get them to buy a single Thinkst Canary. I don't think that's going to happen.
-
@scottwilson @Viss I just might.

-
@Viss But you're right, people do get a kick out of the hands-on role play where they have to come up with actions and do them and see whether it works, or what the next surprise is.
BTW, I ran across this one that's open registration right now and cyberspace operations is listed https://www.doctrine.af.mil/Portals/61/AFD35%20Wargame%20Invitation%20Flyer.pdf https://www.doctrine.af.mil/Home/AFD35/AFD35-Wargaming/
-
@Nonya_Bidniss neat! i wager they wont think twice about me since i have zero .mil experience or .gov experience, but it would be cool to participate in one of those
-
also having a bunch of dumb/bullshit domain names from back in the heyday of redteaming is super helpful. having a lolballs domain name for your badness to phone home to makes it fun to find
-
@Viss Who knows? Can't hurt to ask if it interests you. When I was in the IC we'd constantly invite experts from all kinds of fields & industries to let us pick their brains, give talks, participate in events...they didn't have any connection to govt but they had knowledge we wanted. Anyway if you know someone who might be interested, you can pass it along.