I had the amazing opportunity to attend CactusCon this year, and I had a wonderful time! I am incredibly grateful for all of the talks I heard, the professionals I got to meet, and the vendors I was able to speak with. I am also thankful to CactusCon for providing me with a free ticket as a student!
Although I’m a Data Science major, I also have great interest in the world of cybersecurity. I particularly love learning about blue team work and the analysis of systems and network traffic. I went to CactusCon excited to hear about these topics, and the depth with which I got to hear professionals delve into them and more was delightful.
Although I enjoyed every talk I listened to, I did have some favorites. One of my favorite talks included an illuminating discussion of AutoPwnKey by Ezra Woods and Michael Manrod:
AutoPwnKey is a remarkable red-team multitool with features covering multiple steps of the MITRE ATT&CK framework. It takes advantage of some of the more powerful capabilities of AutoHotkey to covertly retrieve data and install software, among other things, on the target system.
My main takeaway as someone interested in data analysis and blue team work was that an unusually high number of DLL (Dynamic Link Library) load requests in telemetry logs can signal an AutoPwnKey attack. Processes built on AutoHotkey typically issue a large number of these requests, so I look forward to learning the key indicators that separate benign AutoHotkey processes from malicious ones.
However, AutoPwnKey can also block communication with specific IP addresses. If a company relies on a third-party, cloud-hosted service for its EDR (Endpoint Detection and Response), an attacker using AutoPwnKey might simply block that service’s IP address, so the agent on the target system can never report anything and no alert is ever raised.
A portion of the discussion was guidance against organizations relying too heavily on EDR tools and services for their security, which appears to be a common practice. It’s an important reminder to always be vigilant in the world of cybersecurity, and to never depend on a single tool for anything.
I also thoroughly enjoyed Dustin Heywood's explanation of NTLMv1 reversion to NTLM using hashcat and NTLMv1-Multitool.
NTLMv1 is an older Microsoft authentication protocol: it derives a fixed-length hash from the password and uses it in a challenge-response exchange. Using NTLMv1-Multitool, a captured NTLMv1 response can be reverted into an older NTLM hash format that is far easier to crack. The reformatted data can then be cracked with hashcat and written to a file for the user to parse through.
As someone fascinated by cryptography, I can’t wait to explore the tools provided and possibly use them in the upcoming NCL challenge this April. I recently began my Linux journey by taking a course focused on Linux basics this semester, and both hashcat and NTLMv1-Multitool appear to be excellent tools to start adding to my repertoire.
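To show why that reversion is possible, here is an added Python illustration (my own, not code from the talk, from hashcat or from NTLMv1-Multitool) of how NTLMv1 turns the NT hash into DES keys: the three keys are just the zero-padded hash, so the third key holds only two secret bytes. The NT hash used is a constructed sample value, and the DES encryption of the server challenge itself is not implemented here.

```python
# Added illustration of the NTLMv1 key structure. Not from the talk or from
# the tooling it described; the NT hash below is a constructed sample value.

def des_key_from_7_bytes(k7: bytes) -> bytes:
    """Expand 7 key bytes (56 bits) into the 8-byte DES key form, giving
    each byte an odd-parity bit, as the NTLMv1 computation requires."""
    assert len(k7) == 7
    bits = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        b = seven << 1
        if bin(b).count("1") % 2 == 0:  # make the byte's parity odd
            b |= 1
        out.append(b)
    return bytes(out)

def seven_bytes_from_des_key(k8: bytes) -> bytes:
    """Inverse of des_key_from_7_bytes: strip the parity bits."""
    assert len(k8) == 8
    bits = 0
    for b in k8:
        bits = (bits << 7) | (b >> 1)
    return bits.to_bytes(7, "big")

def ntlmv1_des_keys(nt_hash: bytes) -> list:
    """NTLMv1 pads the 16-byte NT hash with 5 zero bytes to 21 bytes and uses
    each 7-byte slice as a DES key; the 8-byte challenge is encrypted under each."""
    assert len(nt_hash) == 16
    padded = nt_hash + b"\x00" * 5
    return [des_key_from_7_bytes(padded[i:i + 7]) for i in (0, 7, 14)]

def nt_hash_tail_from_third_key(k3: bytes) -> bytes:
    """The third key's last 5 raw bytes are always zero, so it has at most
    2**16 possible values; once known, it yields NT hash bytes 14 and 15."""
    raw = seven_bytes_from_des_key(k3)
    assert raw[2:] == b"\x00" * 5, "not an NTLMv1 third key"
    return raw[:2]

if __name__ == "__main__":
    sample_nt_hash = bytes(range(0x10, 0x20))  # constructed, not a real hash
    k1, k2, k3 = ntlmv1_des_keys(sample_nt_hash)
    print("third DES key:", k3.hex(), "-> hash tail:", nt_hash_tail_from_third_key(k3).hex())
```

This structure is why defenders disable NTLMv1 and enforce NTLMv2: the response leaks the NT hash piecewise, with the last piece recoverable by a tiny search.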
I also had the pleasure of hearing one of the weirdest (and most insightful!) self-help guides I’ve come across, given by Kristy Westphal, about believing in yourself to lead a team.
She shared several powerful insights, many of which I plan to incorporate into my own professional and mental routines.
One such idea I enjoyed is to routinely ask oneself questions, including:
● Why am I here?
● How am I doing? (Really?)
● Am I enjoying myself? If not, why not?
● How do I think other people perceive me?
Another idea I found particularly thoughtful is to assume failure ahead of time to remove some of the extreme pressure we place on ourselves. Going into a situation assuming that what I do won’t work sounds counterintuitive at first, but I plan to experiment with implementing it when I am confronted with obstacles or difficult tasks.
Ms. Westphal expounded on these by explaining the importance of being in tune with oneself for mental health. Although the talk was focused on struggles that come with leading a team, I believe the concepts can be applied in a variety of situations. The world of technology is a difficult and ever-changing one, and it’s easy to be disheartened or overwhelmed by the obstacles it holds. I’m grateful to gain more tools to help me work through challenges as they come.
It was incredible to see how vibrant the cyber community is here in Arizona. I cannot wait to continue my journey and learn from the brilliant minds around me. After all, as Jen Winters so elegantly stated during the Hoodies Off panel over the weekend, “Alone we are all strong, together, we are unstoppable.” Huge shoutout to Jake Henningsen, Alexis Sloan, Ozzy James, Keegan Heaton, Christopher Alsay, and everyone else from the University of Advancing Technology (UAT) I saw there!