Improving CACTUSTORCH payloads

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 8, 2019, 1 p.m. (45 minutes)

CACTUSTORCH has become a favorite phishing tool for many folks performing phishing to get payloads into organizations. This talk will discuss how to use the Bettertorch code that was released earlier this year along with improved COM object code that will be released with this talk to further improve phishing payloads through maldocs. There will be a discussion of what has been added, what additional features it provides, and how to use it for detection avoidance. We’ll also discuss how the code is laid out and some of the requirements to add to this project so that you can make it your own and further improve bypass capabilities.

Presenters:

• Ryan Linn
  Ryan Linn has a background in red teaming, penetration testing, incident response, and forensics that has helped him to understand many of the challenges that security practitioners face today. He enjoys sharing this knowledge at places like DefCon, BlackHat, DerbyCon and many others. He has helped train individuals in corporate security, law enforcement, and federal governments around the world on hacking and incident response techniques. Ryan is one of the authors Gray Hat Hacking and has contributed to many open source frameworks including Metasploit, BeEF and Ettercap.

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Improving CACTUSTORCH payloads Ryan Linn.mp4
• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Improving CACTUSTORCH payloads Ryan Linn.eng.srt (subtitles)
• https://www.youtube.com/watch?v=w05dv_zBf6o

Similar Presentations:

• Kiwicon X: The Truth is In Here (2016) / Practical Phishing Automation with PhishLulz
• DEF CON 30 (2022) / Hybrid Phishing Payloads: From Threat-actors to You Workshop
• NolaCon 2017 / Phishing for Shellz: Setting up a Phishing Campaign