2026-06-04 –, Track 2
ClickFix has emerged as a powerful initial access technique that continues to deliver new and creative ways to deploy payloads. As adversaries continue to evolve ClickFix and related “Fix” techniques, understanding how they operate has become essential for defensive security teams. Offensive security teams can draw inspiration from the creative and rapidly evolving payload dropping techniques threat actors are building around ClickFix.
This talk provides a technical deep dive into ClickFix by exploring:
- How ClickFix attacks work
- What methods are used to deliver second-stage payloads
- How ClickFix and other Fix techniques have evolved over the past year
- Post-exploitation scenarios and anti-forensics
Attendees will gain practical insights into ClickFix evaluation approaches, detection & response opportunities, and defensive strategies that security teams can apply to identify and mitigate ClickFix based attacks.
Bert-Jan is a Defensive Security Specialist and Incident Responder. He specializes in threat detection, automation and response in cloud, hybrid and on-premises environments. Besides speaking at public events, Bert-Jan likes to share technical blogs on KQLQuery.com, where he provides in-depth tutorials and insights on using KQL for effective threat detection and automation. Bert-Jan is the author of various security tools Including ALFA, IR PowerShell and KustoHawk, which are available on GitHub (github.com/bert-JanP).