i want to play a game [kaboom][chaos engineering][nynhex]

in #security6 years ago (edited)

i coined the name, kaboom which is a gamification system based on chaos engineering which can extend to disaster/cybersecurity incidents. it's been a while since i've held a game, time to play!

rules:

  • you must answer without the help of others
  • if you don't know, then don't answer.
  • you are allowed one answer

game theme, "sloppy keyholder"

an employee who manages your infra does not securely store their credentials. they get pwned, now your company's credentials are all over the internet. oh and for fun, let's say their 2fa is compromised. an attacker takes advantage of this and...

knocks out all a/cname/mx records, hijacks your registrar account and dumps your domains.

knocks out all vps/cloud servers, deletes backups/snapshots/nukes the account.

knocks out all 3rd party services and cancels accounts.

knockout all social media outlets and cancel accounts.

1st person who can come up with a decent response plan to restore business continuity gets a $20 gift card from #amazon or #starbucks

you have 24 hours from 02:40 utc

good luck

Sort:  

no one was able to answer this...

tomorrow i will post a mitigation and prevention plan