CactusCon 2018 Sept. 28, 2018 to Sept. 29, 2018, Mesa, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Pathways Into Darkness: Hunting for Adversary Behaviors Atop the Pyramid Of Pain | Kyle Gervais | Analysts are becoming swamped with the work of processing and searching for atomic indicators from ... | |
Detecting WMI Exploitation | Michael Gough | Windows Management Instrumentation (WMI) is loved by the Red Team, Pentesters, and the criminals. There ... | |
DarkMention: Next-Generation Attack Prediction | Paulo Shakarian | The direct and indirect costs of cyber attacks continue to mount while the volume of ... | |
Working with WeirdAAL (AWS Attack Library) | Chris Gates, Ken Johnson | Contrary to most presentations and blog posts there is more to AWS than S3. In ... | |
On the Nose: Bypassing Huawei's Fingerprint Authentication by Exploiting the TrustZone | Nick Stephens | After hundreds of vulnerabilities disclosed and countless roots of smartphones the landscape of privilege separation ... | |
Detecting Dedicated Infrastructure | Jeremiah O'connor, Artsiom Holub | Detecting the bulletproof hostings that make up the dedicated infrastructure used by Phishing and Malware ... | |
So You Want To Be a Mentor: Taking Someone from Noob to Knowledgeable | Nick Moore | This paper comes out of dozens of conversations I’ve had with people wanting to get ... | |
Stealing Cycles, Mining Coin: An Introduction to Malicious Cryptomining | Edmund Brumaghin | In today's world crimeware is a multi-billion dollar industry that's currently being primarily run through ... | |
How Can I Find Thee? Let Me Count the Ways - Automated Bug Finding in Practice | Clint Gibler, Daniel Defreez | Over the past decade, there have been a number of automatic and semi-automatic approaches used ... | |
Return of Return of the Dork | N/A | N/A | |
Blue Team Password Cracking | N/A | N/A | |
Failures of Mobile Blacklists | N/A | N/A | |
Real Talk on Comms | N/A | N/A | |
Weaponizing Your Pi | John Freimuth | Pentesting requires you to think outside the box and come up with new and inventive ... | |
Red Team Tactics for Cracking the GSuite Perimeter | Mike Felch | As more corporations adopt Google for providing cloud services they are also inheriting the security ... | |
ARMaHYDAN - Misadventures of ARM Instruction Encodings | Xlogicx | Because some instruction bit fields in the ARM manual were unexplained and assembly language is ... | |
Keynote: Building a Better Hacker Future | Jamie Winterton | N/A | |
Implementing a Kick-Butt Training Program: BLUE TEAM GO! | Ryan J. Chapman | Hands-on incident response roles such as those found within a SOC or CIRT are difficult ... | |
Searching the Void - IPv6 Network Reconnaissance | Kevin Tyers | The entire IPv4 Internet can be scanned in under 10 minutes. To scan the entire ... | |
Wireless Monitoring with the #WiFiCactus | Mike Spicer | The #WiFiCactus is a wireless monitoring tool that is capable of listening to 50+ channels ... | |
Bug Bounty: Under the Hood | Ray Duran, Pax Whitmore, Mitchell Poortinga | We've all heard about Bug Bounty programs, and they are becoming far more accepted and ... | |
Running Laps Around Microsoft's LAPS | Actualreverend , Catatonicprime | Microsoft's Local Administrator Password Solution (LAPS) is a great product for large monolithic organizations that ... | |
Automation and Open Source: Turning the Tide on Attackers | John Grigg | The security world is still trying to figure out how to deal with the overwhelming number ... | |
Anatomy of an AppSec Program; OR How to Stop Deploying Shoddy Code to Production Systems | Joe Ward | It’s 2018, and we are haunted by the same vulnerabilities from more than a decade ... | |
Grandma Got Run Over by an Email – Senior Citizens and Computer Security | Russ Gritzo | It may be hard to believe, but people born at the start of the Baby ... | |
Lessons Learned: Emerging Adversary Playbooks | Nicholai Piagentini | Based on observed activities across thousands of enterprises worldwide we will look at how techniques ... | |
Quest Accepted | Jeremy Ralston | Security awareness training is BORING, users click through as fast as they can and guess ... | |