Following in the footsteps of my coworker (and fellow blogger), Vinny Lariza, I attended CactusCon, Arizona’s largest annual hacker and security conference, held this year May 6-7, 2016, in Phoenix.

Even without Vinny, this year’s event was as engaging as CactusCon 2015, and its new venue, the Phoenix Convention Center, accommodated a record-high 780 participants from around the U.S., making this the largest conference at which I’ve had an opportunity to speak.



CactusCon offers a broad assortment of talks and workshops for Network Security and Information Assurance professionals of all stripes. Between preparation for and presentation of my Angler Exploit Kit campaign research, I was able to take in a handful of other notable talks, including:


Neil Smith’s talk about threat intelligence covered one of today’s most important InfoSec topics. Smith explored some of the challenges security researchers encounter in their ongoing analysis of the huge amounts of data generated daily in search of information that can contribute to better security, and discussed the role of malicious actors in generating counter-intelligence. He argues that security analysts need a full awareness of what threat intelligence can do—and importantly, what it cannot do, as well as where it’s vulnerable—in order to better discern malicious activity in its early stages.

The author demonstrated a practical method he’d devised of using threat intelligence against URL scanners, and outlined an example of the Hacking Team abusing T1. Since I work a lot with different threat intelligence sources like PhishTank and VirusTotal, an awareness of the possible malicious actions by which cybercriminals can abuse them is valuable.



Another Neil, this one Neil R. Wyler, who is perhaps better known among CactusCon attendees as Grifter, was engaging and inspiring.

He has been a staff member of the Black Hat Security Briefings for over 13 years and is a member of the Senior Staff at DEF CON. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security.

In addition to telling the story of his own professional journey, Neil shared his personal observations about the security community and speculated about the future of the industry.


Paulo Shakarian, director of the Cyber-Socio Intelligent Systems (CySIS) Laboratory at Arizona State University, delivered a truly engaging presentation on leveraging game theory and machine learning to infiltrate and identify possible threats.


This is one of the approaches being undertaken by OpenDNS Labs, which executes large-scale phishing detection using unsupervised machine learning techniques in DNS traffic (a.k.a. NLP rank).

Of course, most of our research is based on DNS data (no surprise, right?) so it is informative to see the results of a similar approach applied to different data. Shakarian’s complementary approach involves studying malicious hacker communities and black markets where malware and exploits are bought, sold, and traded online. In his talk, he described how a combination of machine learning and game theory-based techniques can address human shortcomings and aid in the creation of relevant, proactive cyber threat intelligence gathered from malicious hacking online. Among the valuable results of the game-theoretic simulation can be a ranking of malicious exploits.


The analysis of this environment can lead to the identification of zero-day exploits and “fully-undetectable” malware. He also explained how this information can be highlighted with respect to a given enterprise.

In all, CactusCon was great! I felt very privileged to be a part of this top-tier security conference that’s quickly grown into a must-attend learning and networking event, and hope to attend next year as well.

