With so many breaches being reported in the media, information security professionals can develop “breach fatigue,” losing sight of the cause and effect of the controls that failed and not learning from those mistakes. This talk uses specially created technology to re-create some recent breaches and walks participants through actual hacks of the vulnerabilities that allowed the breach to occur. Then we discuss how the failed controls could have been hardened to reduce or even eliminate the risk. We'll include demonstrations of attacks against web sites, spear phishing, mobile devices and access control failures.