Josh Frantz

Josh Frantz

Thrift Shoppin’ with your data

Do you ever wonder what happens with disk drives, flash drives, even floppy drives when you drop them off at thrift stores or e-recycling centers? You signed an agreement saying they would wipe your data, so that no one could ever find those text files filled with passwords and sensitive information. Well, even though you signed that piece of paper, these thrift stores and e-recycling centers have not been making good on their contractual obligations.

We all have a box of wires, 10 flash drives and 5 hard drives laying around. How do you properly dispose of those devices safely and securely? In this presentation, we take a dive into thrift shopping all around Wisconsin, in particular, buying your data back from those who agreed to destroy it. You signed an agreement saying that your disks would be wiped, your data destroyed, but based on what i found, that couldn’t be further from the truth.


Michelle Meas

Michelle Meas

What happens when a genome database is breached?

DNA sequencing has gotten exponentially cheaper since its invention, and is rapidly becoming a popular consumer good, given as Christmas presents and advertised on Facebook. However, the companies that perform this sequencing are effectively unregulated, and what they do with the mountains of data accumulated in this process is hardly transparent. This talk will begin with an overview of gene sequencing technology, then discuss the data actually collected by many popular companies. The talk will conclude with a discussion of how this data could be weaponized by bad actors after a data breach, both now and going forwards.


J Wolfgang Goerlich

J Wolfgang Goerlich

Encryption, Silver Bullets, and Holy Water

Werewolves attack? We have silver bullets. Vampires attack? We have holy water. Criminal hackers attack? We have encryption. Or at least, that’s how we’d like it to play out. The villains come and the heroes beat them back. But too often, encryption is like water without the holy, bullets without the silver. The configuration is wrong, or the code is incomplete, or other simple flaws trip us up. This talk will cover how and where to architect for encryption to get real protection


Keenan Skelly

Keenan Skelly

Beat the APTs: Explore Digital Forensics through Gamified Cyber Learning

Ever cyber professional wants to stop an APT from hurting their company. But when they can’t stop an attack, they seek to expose the criminal, so they can learn from the incident and identify preventative measures. To beat the bad guys and keep pace with today’s evolving cyberattacks, we need an equally dynamic, adaptive, and engaging cybersecurity skills strategy to save our enterprises. Digital forensics—the process of identifying, preserving, analyzing, and presenting digital evidence—is one of many cyber skills necessary in today’s hacking culture.

To support this discipline, Keenan will share how gamified cyber range environments are emerging to assist investigators in the capture, analysis, and preservation of evidence. She will explain how these virtual environments can deliver realistic cybersecurity scenarios for professionals to train both individual and overall team competencies. Keenan will share how users can engage in life-like cyber scenarios inspired by modern-day hacking events to not only refine digital forensic investigation processes but also help professionals learn from beginning to end how and why a hacker attacks in the first place.

Keenan will explain the benefits of gamified cyber range learning and how it can benefit cyber teams. As a result of this new game-inspired learning method, digital forensic professionals gain the ability to “beat the hacker” at their own game—through a game-like cyber range that most authentically represents future scenarios they will encounter. Cyber professionals can learn new, more efficient approaches to deploying computer/network/mobile digital forensics leveraging real-world examples of incidents. Further, gamifying cybersecurity exercises allows teams to better protect enterprises from future attacks and bring cybercriminals to justice.


Josh Bressers

Josh Bressers

Spelunking the Bitcoin blockchain

There are few topics that capture the imagination and headlines like Bitcoin. Many of us understand what Bitcoin is and how it works on a technical level. Bitcoin’s blockchain is a bit like art; sometime you just have to see it with your own eyes.
What if we use modern big data tools to store the blockchain data in a format that can be searched, viewed, and explored? Once you can see the data you can start to discover what Bitcoin is and how it works. It stops being ones and zeros and becomes a story we can watch unfold.
We tend to think about Bitcoin in the context of moving coins around. The coins that get mined and traded are certainly interesting but they’re not the whole story. There are plenty of other interesting aspects in the Bitcoin data. Watching the difficulty of the work, seeing how time of day and seasons affect the transactions flowing through the system. Even understanding what some of the upper bounds on what Bitcoin will be able to accomplish are. We can explore this data in a visual way that can be understood.
The most interesting part of Bitcoin isn’t the coin however. It’s something called nonstandard transactions. Most transactions in the blockchain are strings of data that move coins around. But a transaction isn’t limited to only moving around coins, it can be any random string of data. There are a substantial number of transactions that contain unique and interesting strings. Strings that don’t move the coins around, strings that contain messages. Strange things that only the anonymous person who placed it there may ever understand. There are hundreds of thousands of nonstandard transactions in Bitcoin’s blockchain. We have the ability to see them now, it feels like finding a secret note someone left behind.
Let’s spend some time looking at all this data. What can we learn about how Bitcoin works. What are some trends we’re seeing. And most importantly what are some of the secrets the blockchain holds for us to find. The best part is everything we look at is open data and all the tools we use are open source. You can continue the investigation on your own using what you learn in this session as your inspiration and guide.


Vi Grey

Vi Grey

Bet You Never Played an NES Game like This: Innovating Under Limitations

We all know someone who has a Nintendo Entertainment System (NES) sitting around collecting dust.  The 1980s gaming console was limited in its capabilities, but just how much wiggle room does that leave for mischief?  In this talk, Vi Grey will demonstrate how it is possible to innovate under the limitations the NES restricts us with to create new ways a person can interact with a game.  You will see NES games that are also fully functioning web pages and ZIP files, console memory dumps that can be opened as JPEG images, game cartridges that secretly contain other entire NES games, and much more.


Cindy Murphy

Cindy Murphy

KeyNote: Now you see it, now you don’t: The magic of forensic artifacts hiding in plain sight

In the field of digital forensics, we have our tried and true artifacts and methods to find them. However, occasionally we uncover information or methods that challenge what we’ve always known, especially when we expect to see nothing and instead uncover a wealth of information. Digital forensics expert Cindy Murphy, M.Sc. will use this session to unpack the myths of digital forensics she uncovered since her career pivot from law enforcement to private digital forensics work. For example, when an SD card shows all zeros, is it actually empty? Or, are we really getting a full forensic image from this hard drive? From there, she will discuss how to navigate those myths and most importantly, how to keep moving forward in an ever-changing industry. Session attendees will walk away feeling empowered to ask questions and challenge the status quo in the digital forensics profession.