2025-06-21, Track 1 (UC Conf. Rm. A) (2nd Floor)
Threat actors are weaponizing trust and urgency in terrifying new ways, and the ClickFix attack is proof. This deceptively simple technique tricks users into executing malware with a single copied command—no exploits, no macros, just human behavior working against itself. If you work in incident response or SOC operations, understanding ClickFix isn’t optional—it’s essential. See why this attack works, how to stop it, and what’s next in the evolving playbook of cyber deception.
In this talk, we’ll break down:
- How ClickFix exploits psychology to bypass traditional security controls
- Real-world examples of attackers using ClickFix for credential theft, RAT deployments, and financial fraud
- Detection strategies—from behavioral analytics to endpoint monitoring
- Mitigation tactics that defenders can apply today to stop this emerging threat
The ClickFix attack is so effective because it blends in with our everyday internet behaviors. It also takes advantage of workflows that everyday users may not be considering in their day-to-day activities.
Kicking off my cybersecurity career during 11 years with the US Air Force, I specialized in incident response, threat hunting, and cloud security. My time included formative tours with the Air Force CERT (AFCERT) and a National Cyber Protection Team, tackling real-world threats head-on. Transitioning to the private sector, I now contribute to Google/Mandiant's mission, focusing on advancing Digital Forensics and Incident Response (DFIR) capabilities and applying lessons learned from the front lines. Outside the digital trenches, I enjoy quality coffee, exploring new tech, family time, and catching up on good TV shows.