CactusCon 2018 Sept. 28, 2018 to Sept. 29, 2018, Mesa, USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Pathways Into Darkness: Hunting for Adversary Behaviors Atop the Pyramid Of Pain Kyle Gervais Analysts are becoming swamped with the work of processing and searching for atomic indicators from ...
Detecting WMI Exploitation Michael Gough Windows Management Instrumentation (WMI) is loved by the Red Team, Pentesters, and the criminals. There ...
DarkMention: Next-Generation Attack Prediction Paulo Shakarian The direct and indirect costs of cyber attacks continue to mount while the volume of ...
Working with WeirdAAL (AWS Attack Library) Chris Gates , Ken Johnson Contrary to most presentations and blog posts there is more to AWS than S3. In ...
On the Nose: Bypassing Huawei's Fingerprint Authentication by Exploiting the TrustZone Nick Stephens After hundreds of vulnerabilities disclosed and countless roots of smartphones the landscape of privilege separation ...
Detecting Dedicated Infrastructure Artsiom Holub , Jeremiah O'connor Detecting the bulletproof hostings that make up the dedicated infrastructure used by Phishing and Malware ...
So You Want To Be a Mentor: Taking Someone from Noob to Knowledgeable Nick Moore This paper comes out of dozens of conversations I’ve had with people wanting to get ...
Stealing Cycles, Mining Coin: An Introduction to Malicious Cryptomining Edmund Brumaghin In today's world crimeware is a multi-billion dollar industry that's currently being primarily run through ...
How Can I Find Thee? Let Me Count the Ways - Automated Bug Finding in Practice Clint Gibler , Daniel Defreez Over the past decade, there have been a number of automatic and semi-automatic approaches used ...
Return of Return of the Dork N/a N/A
Blue Team Password Cracking N/a N/A
Failures of Mobile Blacklists N/a N/A
Real Talk on Comms N/a N/A
Weaponizing Your Pi John Freimuth Pentesting requires you to think outside the box and come up with new and inventive ...
Red Team Tactics for Cracking the GSuite Perimeter Mike Felch As more corporations adopt Google for providing cloud services they are also inheriting the security ...
ARMaHYDAN - Misadventures of ARM Instruction Encodings Xlogicx Because some instruction bit fields in the ARM manual were unexplained and assembly language is ...
Keynote: Building a Better Hacker Future Jamie Winterton N/A
Implementing a Kick-Butt Training Program: BLUE TEAM GO! Ryan J. Chapman Hands-on incident response roles such as those found within a SOC or CIRT are difficult ...
Searching the Void - IPv6 Network Reconnaissance Kevin Tyers The entire IPv4 Internet can be scanned in under 10 minutes. To scan the entire ...
Wireless Monitoring with the #WiFiCactus Mike Spicer The #WiFiCactus is a wireless monitoring tool that is capable of listening to 50+ channels ...
Bug Bounty: Under the Hood Ray Duran , Pax Whitmore , Mitchell Poortinga We've all heard about Bug Bounty programs, and they are becoming far more accepted and ...
Running Laps Around Microsoft's LAPS Actualreverend , Catatonicprime Microsoft's Local Administrator Password Solution (LAPS) is a great product for large monolithic organizations that ...
Automation and Open Source: Turning the Tide on Attackers John Grigg The security world is still trying figure out how to deal with the overwhelming number ...
Anatomy of an AppSec Program; OR How to Stop Deploying Shoddy Code to Production Systems Joe Ward It’s 2018, and we are haunted by the same vulnerabilities from more than a decade ...
Grandma Got Run Over by an Email – Senior Citizens and Computer Security Russ Gritzo It may be hard to believe, but people born at the start of the Baby ...
Lessons Learned: Emerging Adversary Playbooks Nicholai Piagentini Based on observed activities across thousands of enterprises worldwide we will look at how techniques ...
Quest Accepted Jeremy Ralston Security awareness training is BORING, users click through as fast as they can and guess ...