Russ From

Micro And Nano-Segmentation: Lessons Learned From The Field, Thoughts On The Future

This presentation introduces Micro-Segmentation and includes industry adoption statistics, strategies, and implementation examples. This presentation came from my personal experience implementing Micro-Segmentation in a fully virtualized hosted infrastructure environment for many large hospital systems. This talk will cover why we need segmentation, what the benefits are, how it evolved, and what it enables before explaining a flaw of Micro-Segmentation and how it is addressed using the recently defined term Nano-Segmentation. I also briefly touch on the famous Zero Trust Model and how Micro-Segmentation makes security more effective by following the principles of the Zero Trust Framework. Last, I will briefly cover how any organization can implement Micro and Nano-Segmentation using Tanium in a physical and/or virtual environment that scales up to millions of endpoints.


J Wolfgang Goerlich

Encryption, Silver Bullets, and Holy Water

Werewolves attack? We have silver bullets. Vampires attack? We have holy water. Criminal hackers attack? We have encryption. Or at least, that’s how we’d like it to play out. The villains come and the heroes beat them back. But too often, encryption is like water without the holy, bullets without the silver. The configuration is wrong, or the code is incomplete, or other simple flaws trip us up. This talk will cover how and where to architect for encryption to get real protection.


Eric Escobar Matt Orme

Remote Wireless Pentesting in a nutshell (or ammo can)

Wireless pentesting typically requires physical proximity to a target, which requires time, limited resources, and constant traveling. Eric & Matt have pioneered an inexpensive device to covertly perform wireless pentests anywhere on earth. Their unique solution to the problem centers around the ability to perform a wireless pentest remotely. To achieve this lofty goal they did what any hackers would do: scrounge up pieces and parts until they had a workable prototype that could phone home via multiple LTE connections and give remote access to the wireless environment surrounding their device. Much improved since its tangle of wires and packing peanuts, a year later their device has compromised dozens of enterprise networks spanning 3 continents. In this talk we’ll discuss why we built it, how it works, and why we think it will revolutionize wireless pentesting.


Josh Bressers

Spelunking the Bitcoin blockchain

There are few topics that capture the imagination and headlines like Bitcoin. Many of us understand what Bitcoin is and how it works on a technical level. Bitcoin’s blockchain is a bit like art; sometimes you just have to see it with your own eyes.
What if we use modern big data tools to store the blockchain data in a format that can be searched, viewed, and explored? Once you can see the data you can start to discover what Bitcoin is and how it works. It stops being ones and zeros and becomes a story we can watch unfold.
We tend to think about Bitcoin in the context of moving coins around. The coins that get mined and traded are certainly interesting but they’re not the whole story. There are plenty of other interesting aspects in the Bitcoin data. Watching the difficulty of the work, seeing how time of day and seasons affect the transactions flowing through the system. Even understanding what some of the upper bounds on what Bitcoin will be able to accomplish are. We can explore this data in a visual way that can be understood.
The most interesting part of Bitcoin isn’t the coin however. It’s something called nonstandard transactions. Most transactions in the blockchain are strings of data that move coins around. But a transaction isn’t limited to only moving around coins, it can be any random string of data. There are a substantial number of transactions that contain unique and interesting strings. Strings that don’t move the coins around, strings that contain messages. Strange things that only the anonymous person who placed it there may ever understand. There are hundreds of thousands of nonstandard transactions in Bitcoin’s blockchain. We have the ability to see them now, it feels like finding a secret note someone left behind.
Let’s spend some time looking at all this data. What can we learn about how Bitcoin works? What are some trends we’re seeing? And most importantly, what are some of the secrets the blockchain holds for us to find? The best part is everything we look at is open data and all the tools we use are open source. You can continue the investigation on your own using what you learn in this session as your inspiration and guide.


Vi Grey

Bet You Never Played an NES Game like This: Innovating Under Limitations

We all know someone who has a Nintendo Entertainment System (NES) sitting around collecting dust.  The 1980s gaming console was limited in its capabilities, but just how much wiggle room does that leave for mischief?  In this talk, Vi Grey will demonstrate how it is possible to innovate under the limitations the NES restricts us with to create new ways a person can interact with a game.  You will see NES games that are also fully functioning web pages and ZIP files, console memory dumps that can be opened as JPEG images, game cartridges that secretly contain other entire NES games, and much more.


Matthew Werner

Anatomy of a Hotwallet – Bitcoin at Scale

Coinbase has become one of the leading cryptocurrency exchanges in the world. The systems we’ve built to satisfy the increasing volume of sends and receives on a variety of blockchains are called our “hot wallet”. Operating these systems requires special technical expertise and a strong understanding of the nuances of these new technologies. This talk describes how the systems operate, challenges we’ve faced, and how we’ve overcome these constraints to provide our customers with a world-class cryptocurrency product. The talk will include topics such as fee estimation, coin selection, change splitting, UTXO consolidation, and child pays for parent.