2025-10-25 –, Track 1 - Plug N Play
Paste and run (aka ClickFix, fakeCAPTCHA) has been one of the most successful initial execution vectors in the past year. Since its first reported use in March 2024, it’s been used by a number of adversaries to deliver more than 10 different malicious payloads in a variety of campaigns. Red Canary has certainly seen our fair share of users tricked into copying, pasting, and executing malicious code using this technique. In this talk we’ll scrutinize paste and run, and I’ll dig into some of the threat intelligence challenges we faced tracking and clustering this threat from an endpoint perspective. Attendees will learn about the Red Canary threat intel team's research into this threat over the past year and walk away with practicable detection opportunities.
Stef Rand is a Senior Intelligence Analyst at Red Canary. She’s passionate about researching threats to share insights with defenders. Prior to joining Red Canary, Stef was a DFIR consultant at Mandiant, and before she started her career in cybersecurity she earned a master’s degree in Clinical Psychology. She is an Augusta University School of Computer and Cyber Sciences alum (December 2019). When she’s not online, she’s off-grid in the woods or on the water.