Improving CACTUSTORCH payloads

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 8, 2019, 1 p.m. (45 minutes)

CACTUSTORCH has become a favorite phishing tool for many folks performing phishing to get payloads into organizations. This talk will discuss how to use the Bettertorch code that was released earlier this year along with improved COM object code that will be released with this talk to further improve phishing payloads through maldocs. There will be a discussion of what has been added, what additional features it provides, and how to use it for detection avoidance. We’ll also discuss how the code is laid out and some of the requirements to add to this project so that you can make it your own and further improve bypass capabilities.


  • Ryan Linn
    Ryan Linn has a background in red teaming, penetration testing, incident response, and forensics that has helped him to understand many of the challenges that security practitioners face today. He enjoys sharing this knowledge at places like DefCon, BlackHat, DerbyCon and many others. He has helped train individuals in corporate security, law enforcement, and federal governments around the world on hacking and incident response techniques. Ryan is one of the authors Gray Hat Hacking and has contributed to many open source frameworks including Metasploit, BeEF and Ettercap.


Similar Presentations: