Segmentation Theater: Finding the routes attackers use with HD Moore

The air gap is dead, but the illusion of segmentation is thriving.

From the SANS Winter Cyber Solutions Fest 2026: Utilities and Critical Infrastructure event, HD Moore presents Segmentation Theater. Attackers don't respect network diagrams; they exploit edge device zero-days, abuse forgotten cellular backup links, and pivot through multi-homed systems that quietly route around every control you've deployed. Meanwhile, passive monitoring, vulnerability scanners, and OEM tools consistently miss the exposure paths that matter most.

HD Moore explains:

• Real-world bypass techniques from recent incidents where segmentation catastrophically failed
• Why traditional verification methods fail to identify hidden connectivity between IT, OT, and the internet
• An attacker-centric model for segmentation verification that asks "What is reachable?" instead of "What should be isolated?"
• Practical techniques to identify unintended pathways, prioritize critical chokepoints, and close routes before they become incidents

This session includes a live demonstration of active discovery techniques that reveal the hidden network paths defenders miss but attackers always find.