Track: Security War Stories


Building secure infrastructure, networks, and office spaces is not just an intellectual exercise or a means to be compliant with law. Real-life adversaries are constantly attempting to defraud, abuse, infiltrate, socially engineer, and compromise any network that holds value. These adversaries are creative - we, as defenders, can learn more from their real-world tactics than we can from any academic study or hypothetical strategy discussion. This track explores real attacks, the lessons learned, and the improved systems that are built in response.

Track Host:
Olaf Carlson-Wee
Head of Risk @Coinbase
Olaf is the Head of Risk at Coinbase, the largest bitcoin company in the world, where he was the first employee. He received a BA from Vassar College after completing his thesis on distributed networking, the implications of the mass adoption of bitcoin, and the development of open source cryptographic technologies. At Coinbase, he built a 40-person operations team, conducted agent training for the FBI, HSI, and Treasury Department, and designed fraud prevention and account security mechanisms protecting billions of dollars in transactional value occurring in over 30 countries. He is an expert in decentralized ledger protocols, crypto-based financial instruments, and anti-fraud systems at scale.

10:35am - 11:25am

by Ryan Huber
Security @SlackHQ

As developers, we use logs and metrics every day. Modern development and operations teams use this data to guide their decisions. We can find performance issues, hotspots, memory leaks, and broken networks or hosts. We also use this information to help with capacity planning and to prioritize our development time.

In this talk, I will discuss the ways an organization should approach looking at this information to make informed...

11:50am - 12:40pm

by Olaf Carlson-Wee
Head of Risk @Coinbase

Cryptocurrency allows millions of dollars to be stored on a flash drive, on a piece of paper, or in a passphrase. Running a cloud-based bank means keeping private keys secure and offline, yet accessible with little notice. This talk examines various novel cryptosystems used to facilitate the secure storage of billions of dollars in global crypto banks.

1:40pm - 2:30pm

by Dan Guido
Co-Founder & CEO @TrailOfBits

iOS applications have become increasingly popular targets for hackers, reverse engineers, and software pirates. In this presentation, we discuss the current state of iOS attacks, review available security APIs, and reveal why they are not enough to defend against known threats. For high-risk applications, novel protections that go beyond those offered by Apple are required. As a solution, we discuss the design of the...

2:55pm - 3:45pm

by Chris Rohlf
Director - Penetration Testing / Red Team @Yahoo

We know that scale, size, and complexity affect security in huge ways. As our deployments grow in size, the requirement for automation brings with it the inherent challenges of authentication, authorization, and a long list of other security controls. But how do scale, size, and complexity affect your adversaries’ offense operations?

This talk will explore how we look at offense in a world of large containerized deployments...

4:10pm - 5:00pm

by Richard Kasperowski
Author of The Core Protocols: A Guide to Greatness

Open Space

5:25pm - 6:15pm

by Christina Camilleri
Penetration Tester & Social Engineer @BishopFox

The fault of the computer system is that it can only follow instructions. The fault of the human is that it can only make judgement calls. However, when we think about this in relation to information security, what happens when these two factors collide? Hint: bad stuff.

Together, we will explore how social engineering can be used in conjunction with technical attacks to create sophisticated and destructive attack chains, share...


Monday, 13 June

Tuesday, 14 June

Wednesday, 15 June