We’ve been a regular sponsor of Arizona’s largest security conference, CactusCon, for the past several years (see this blog post from last year’s event). This year, we were active both on the CactusCon Discord server and on the ground in Mesa.
CactusCon is always a favorite among Bishop Fox consultants, and we attended several talks at CactusCon 10 (all of which are now available online for your viewing pleasure). Unsurprisingly, as attacks continue to deal devastating blows, ransomware was a hot topic. Check out a few of our favorite talks below.
“Building a Ransomware Incident Response Plan”
by Allan Liska (@uuallan)
As “ransomware scholar” Allan Liska notes in the beginning of this presentation, ransomware attacks increased significantly in 2021. And you can expect that trend to continue. Liska delves into how an attack typically plays out, why it’s so crucial to have a ransomware-specific incident response plan, and the phases to include in a comprehensive plan. By the time you finish watching, you will feel more confident about triaging a future ransomware incident.
“Dissecting the Ransomware Kill Chain: Why Companies Need It”
Keeping with the ransomware theme, this next talk discusses more of the current state of ransomware and how the COVID-19 pandemic led to an uptick in attacks. The researchers then introduce an updated framework for disrupting ransomware attacks, the kill chain alluded to in their talk’s title. Minder and Webster-Jacobsen’s talk serves as a complementary piece to Liska’s presentation; both share actionable insight on how to respond to attacks when they (eventually) manifest.
“Nits Among Your Bits: A Dive into LockBit Ransomware Operations”
by Oleg Skulkin (@oskulkin)
The strain of ransomware known as LockBit has been in the news yet again, so this presentation by Oleg Skulkin could not be more topical. Anything you wanted to know about this type of ransomware is probably featured in “Nits Among Your Bits.” Skulkin gives an in-depth look at LockBit, sharing the backstory on this ransomware-as-a-service program and demonstrating how a ransomware attack unfolds. He shows why these attacks can be difficult for defenders to respond to, as LockBit affiliates tend to remove Windows Event Logs and data from staging folders. He also shows what transpires once LockBit has entered an organization’s environment. After watching this presentation, you can clearly see why LockBit remains a popular choice for adversaries.
“Level Up Your Vulnerability Management Program”
by Andy Jordan (@Andy_J_Jordan)
Although this talk is intended more for blue teamers (or purple teamers), it’s still a useful talk for pen testers to check out, as the number of CVEs discovered increases year after year, especially critical and high-risk ones. With a decade of vulnerability management experience, Jordan’s perspective on how to create an actionable blueprint for efficiently finding and addressing vulnerabilities is invaluable.
“Hacking Back Scammers”
by Ryan Dinnan (@s0merset7), Jacob Abraham, Joshua Pardhe, Megi Bashir
This group of Arizona State University students decided to give scammers a taste of their own medicine for their capstone project, thus bringing about this CactusCon presentation. Scams (be they romance, dating, tech support, employment, cryptocurrency, and so on) are ubiquitous, and these student researchers hope to raise more awareness about this potentially dangerous (not to mention plain annoying) security threat. They used their findings to compile trends on scams, such as what population is most susceptible to certain scams. Their research is both impressive and disturbing, and it’ll be interesting to see what further work this inspires.
For more insights into the happenings and discussions from CactusCon 10, we recommend joining the community’s Discord server. There are a variety of topics that include blue teaming, red teaming, jobs/hiring, threat intel, and more.