Bishop Fox Presents at 2021 Virtual CactusCon 9

CactusCon is the largest infosec conference in Arizona (home base for Bishop Fox) and one of the most notable hacker cons in the American Southwest. As is par for the course for “the new normal,” this year’s upcoming CactusCon 9 is an all-virtual event. But other than that, CactusCon 9 will be more of what people have come to expect – informative talks, cutting-edge research, and actionable workshops for enhancing your security skillset.

Bishop Fox has been involved with CactusCon for years, and 2021 is no exception. We are not only a major sponsor of the conference, but several current and former Foxes are speaking and sharing knowledge and trainings, too. Barrett Darnell, Continuous Attack Surface Testing (CAST) Senior Operator and veteran capture-the-flag (CTF) competitor, is even organizing the CTF.

Check out the details below for some TL;DRs of our CactusCon 9 presence and info on how you can attend. The conference will be held from February 5-6, 2021; general admission tickets are free.

“STEALING A PASSWORD THROUGH INTERPRETIVE DANCE, AND OTHER WILD VIDEO GAME HACKS” BY DAN “ALTF4” PETRO

During this talk (time TBD), Bishop Fox lead researcher Dan Petro will share six remotely exploitable hacks for Super Smash Bros: Melee and Magic: The Gathering open source libraries and applications. He’ll walk through each exploit in detail, explaining how they leverage vulnerabilities such as memory corruption – and the larger consequences posed by each. As they say, it’s all fun and games until someone’s password is exposed.

You may remember Dan from related talks, like 2016’s “Game Over, Man! Reversing Video Games to Create an Unbeatable AI Player.” Video games are clearly a passion area for Dan, and more often than not, he’s able to translate his experiences with them into meaningful security research. In late 2020, Dan authored a blog series, “Cheating at Online Video Games and What It Can Teach Us About AppSec” (Part 1, Part 2, Part 3). This series focused on the intersections between application security and online video game cheats – which are more prevalent than you might initially think. The importance of security by design, the struggle to implement sufficient anti-automation, and the role of race conditions are only some of the areas of significant overlap between video game cheats and AppSec. “Looking at how people cheat can be very educational; it shows you the limits of what is possible and forces you to consider the overall design of a system,” Dan stated in Part 1 of the series.

Now, for the burning question: Will Dan interpretative dance to video game soundtracks during his talk? We can’t say for sure, so you need to tune in to find out.

“REVERSE ENGINEERING WEBSITES” BY ANDREW WILSON & WHAT TO EXPECT AT THE CACTUSCON 9 CTF

Bishop Fox Vice President of Consulting Andrew Wilson will also be presenting at CactusCon 9 (time TBD). His talk will center on the various concepts, strategies, and methods he has learned over his two-decade-long career to exploit websites.

Meanwhile, the CactusCon 9 CTF – co-organized by Bishop Fox’s Barrett Darnell – will start shortly after opening comments and finish by closing remarks on February 5th, Day 1 of the conference. The CTF is a solo event (no teams!) and is intended for beginner to intermediate-level CTF players. Categories included in the CTF are computer network exploitation, digital forensics, and cryptography, among other subject areas. Prizes (such as HackTheBox subscriptions) are set to be given away throughout the competition. Considering just how valuable CTFs are for fine-tuning your pen testing skills – especially if you’re starting out in the security field – it’s worth investing a few hours of your Friday to participate. Barrett previously helped create the CTF for the 2020 DEF CON RED Team Village and has competed in the prestigious SANS Net Wars Tournament of Champions, so if you compete, come prepared for a challenge.

Additionally, a Bishop Fox alum – Ankur Chowdhary – will also be presenting “Can Artificial Intelligence Detect Advanced Persistent Threats?” at CactusCon 9.

HOW TO SIGN UP FOR CACTUSCON 9

You can register for CactusCon 9 at Eventbrite. General admission and CTF registration are free, but you can also register as a community sponsor and leave a donation. The CactusCon Discord is up and running, too – you can join the conversation before the event even begins. The digital nature of this year’s event may impede the networking we’re used to, but that doesn’t mean you can’t rub virtual elbows on Discord.

And if you are interested in learning about a pen testing career at Bishop Fox, our recruiters will be active on Discord throughout CactusCon. Drop into our dedicated Discord channel to ask questions or possibly score some Bishop Fox swag.

We hope you’ll consider spending the first weekend of February streaming CactusCon 9. For a complete breakdown of other talks and workshops, check out the list at their site.