{"version":"1.0","provider_name":"OTAVA","provider_url":"https:\/\/www.otava.com","title":"Tips From an InfoSec Expert: Incident Response","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"0Wp4yTQKwq\"><a href=\"https:\/\/www.otava.com\/blog\/tips-from-an-infosec-expert-incident-response\/\">Tips From an InfoSec Expert: Incident Response<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.otava.com\/blog\/tips-from-an-infosec-expert-incident-response\/embed\/#?secret=0Wp4yTQKwq\" width=\"600\" height=\"338\" title=\"&#8220;Tips From an InfoSec Expert: Incident Response&#8221; &#8212; OTAVA\" data-secret=\"0Wp4yTQKwq\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/www.otava.com\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>\n","description":"While at BSides Detroit, I was able to catch some really great sessions. One in particular, Josh Little\u2019s A Cascade of Pebbles: How Small Incident Response Mistakes Make for Big Compromises, was extremely informative, as it allowed the audience a chance to see mitigation efforts from the the outside of a targeted attack, giving clear takeaways that all companies can use to make their incident response processes more effective. Immediately Little\u2019s team tried a straightforward phishing email, to no avail. So, they spent a few days creating an intricate fake company; one that showed on Google searches, had a company news ticker, and information on the \u2018executives\u2019. The point of the email was to have users fill out a survey and \u2018login\u2019, thus giving their username and password. One user did fill out the survey, and they had credentials to get into the network. Simultaneously, someone in the IT department realized that it was bogus, and sent an email out to everyone who received the email telling them not to click on it. He also checked the logs, and seeing that no one had clicked, he decided that it was taken care of. What he didn\u2019t know was that the..."}