Russ From

Micro And Nano-Segmentation: Lessons Learned From The Field, Thoughts On The Future

This presentation introduces Micro-Segmentation and includes industry adoption statistics, strategies, and implementation examples. This presentation came from my personal experience implementing Micro-Segmentation in a fully virtualized hosted infrastructure environment for many large hospital systems. This talk will cover why we need segmentation, what the benefits are, how it evolved, and what it enables before explaining a flaw of Micro-Segmentation and how it is addressed using the recently defined term Nano-Segmentation. I also briefly touch on the famous Zero Trust Model and how Micro-Segmentation makes security more effective by following the principles of the Zero Trust Framework. Last, I will briefly cover how any organization can implement Micro and Nano-Segmentation using Tanium in a physical and/or virtual environment that scales up to millions of endpoints.


Chris Merkel

Shifting Security Left: Self-Service Security for Developers and Beyond

The shift to the cloud, Agile and DevOps is making it more difficult than ever for security teams to control what happens in their organizations and secure systems.

The obvious solution is more security tools, more security people, and ever-inventive ways to rein in your environment.

You. Will. Fail.

The only way to get better is by giving up the illusion of control and the delusion that you can achieve control.

Instead, we’ll talk about how engineering automation to create a culture of empowerment, self-reliance and trust can result in better security outcomes. Along the way, we’ll learn about how the adoption of Agile and DevOps is creating value in some unexpected ways…


Ian Klatzco

Building a Cohesive Undergraduate Security Club

Building good teams (either in the “elite” sense or the “healthy culture” sense) is hard. Our university security club had its ups and downs between boring meetings and inaccessibility to newcomers — we stepped it up this year with a tighter meeting format, approachable 24-7 internal CTF, and internal documentation. We saw better attendance, more people staying after meetings, and freshmen successfully completing projects with upperclassman mentorship. Other exciting developments include reusable published meetings and writing our own fuzzers.


Jim Nitterauer

Decrypting the Mess that is SSL/TLS Negotiation – Preparing for the 2020 Apocalypse

Recently, all major browser vendors agreed in principle to end support for TLS (Transport Layer Security) versions 1.0 and 1.1 in 2020. SSL (Secure Sockets Layer) version 3.0 support was removed from Chrome in early 2015 effectively ending the use of SSL completely. Akamai will discontinue support for TLS 1.0/1.1 on January 7th, 2019. These protocols have all been found to have various vulnerabilities that no longer make them safe for use in the negotiation of secure connections between end points.

With the deprecation of these cryptographic protocols, several new security exploits have come to light. These exploits, including Heartbleed, POODLE, BEAST, CRIME and others, attempt to disrupt the availability of services or steal data. The most common service using TLS is obviously web traffic that is transmitted via https. Since SSL and TLS are secure connection negotiation protocols, the process for establishing a secure connection can be used for almost any type of traffic. Some of the more common ones aside from https are DNS, VPN, SMTP, POP3 and IMAP. All rely on the ability of client and server to understand a common protocol and the ability to negotiate a connection based upon a commonly understood version.

Many server-side instances still utilize older versions that support deprecated SSL/TLS versions, leaving them vulnerable to availability and integrity attacks. Many client applications have the same issues, with many of those built into IoT devices which are rarely upgraded.

We needed to find a means to understand what types of conversations were happening on our public-facing proxy services. We noticed a rash of SSL downgrade attacks that resulted in intermittent outages.

We also wanted to be able to proactively engage our customers by letting them know that they had devices on their network reaching out to us using deprecated or soon to be deprecated SSL/TLS versions.

This talk will provide a quick overview of the major SSL/TLS versions along with their major vulnerabilities. I will then discuss how we were able to use some F5 iRule magic on our load balancers combined with Graylog (a log aggregation platform) to track as well as block undesirable client and server connections to our proxy end points. This strategy can easily be adapted to any protocol scenario that uses TLS connection negotiation.


James Arndt

Always Look a Gift (Trojan) Horse in the Mouth

It could be said that the city of Troy needed to update its antivirus or intrusion detection signatures. Maybe they needed to dust off their acceptable use policy on their SharePoint site? Or did their end users need more security training? Didn’t anyone warn the CEO of Troy that it is dangerous to push the “Enable Content” button on strange horses that show up outside the city wall? If only the city of Troy had a citizen that could have torn apart the Trojan Horse to see what was really going on inside.

The same goes for malicious emails. Someone will report a suspicious email because they think it might be malicious. But how bad is it really? Unless you are able to dig into the email and perform a thorough analysis on its attachments, you’ll never know how bad it is, how it behaves, and what it may be trying to contact.

In this talk, attendees will learn various tools and techniques that can be used to thoroughly analyze a malicious attachment and everything that comes after it. In order to get as many stones as possible, we will want to leave no stone unturned. This information can then be used to look for indicators of compromise throughout your environment.

Keenan Skelly

Beat the APTs: Explore Digital Forensics through Gamified Cyber Learning

Every cyber professional wants to stop an APT from hurting their company. But when they can’t stop an attack, they seek to expose the criminal, so they can learn from the incident and identify preventative measures. To beat the bad guys and keep pace with today’s evolving cyberattacks, we need an equally dynamic, adaptive, and engaging cybersecurity skills strategy to save our enterprises. Digital forensics—the process of identifying, preserving, analyzing, and presenting digital evidence—is one of many cyber skills necessary in today’s hacking culture.

To support this discipline, Keenan will share how gamified cyber range environments are emerging to assist investigators in the capture, analysis, and preservation of evidence. She will explain how these virtual environments can deliver realistic cybersecurity scenarios for professionals to train both individual and overall team competencies. Keenan will share how users can engage in life-like cyber scenarios inspired by modern-day hacking events to not only refine digital forensic investigation processes but also help professionals learn from beginning to end how and why a hacker attacks in the first place.

Keenan will explain the benefits of gamified cyber range learning and how it can benefit cyber teams. As a result of this new game-inspired learning method, digital forensic professionals gain the ability to “beat the hacker” at their own game—through a game-like cyber range that most authentically represents future scenarios they will encounter. Cyber professionals can learn new, more efficient approaches to deploying computer/network/mobile digital forensics leveraging real-world examples of incidents. Further, gamifying cybersecurity exercises allows teams to better protect enterprises from future attacks and bring cybercriminals to justice.


Ian Sindermann

Unhinging Security on the Buffalo TeraStation NAS

Oftentimes it only takes a small oversight to cause a vulnerability, even when it comes to severe vulnerabilities. The Buffalo TeraStation NAS demonstrates this idea beautifully in that it has a variety of features that do just a tad more than they should. Using these oversights as examples, I’ll provide an overview of the thought processes, mindset, and skills used to turn happy little oversights into happy little shells. There will be an abundance of facepalms and IoT war stories, and if that wasn’t enough, there’s a good chance these vulns will still be unpatched.


Cindy Murphy

Keynote: Now you see it, now you don’t: The magic of forensic artifacts hiding in plain sight

In the field of digital forensics, we have our tried and true artifacts and methods to find them. However, occasionally we uncover information or methods that challenge what we’ve always known, especially when we expect to see nothing and instead uncover a wealth of information. Digital forensics expert Cindy Murphy, M.Sc. will use this session to unpack the myths of digital forensics she uncovered since her career pivot from law enforcement to private digital forensics work. For example, when an SD card shows all zeros, is it actually empty? Or, are we really getting a full forensic image from this hard drive? From there, she will discuss how to navigate those myths and most importantly, how to keep moving forward in an ever-changing industry. Session attendees will walk away feeling empowered to ask questions and challenge the status quo in the digital forensics profession.