BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//speak.enusec.org//le-tour-du-hack-2026//talk//VHZED7
BEGIN:VEVENT
UID:pretalx-le-tour-du-hack-2026-VHZED7@speak.enusec.org
DTSTART:20260516T145000Z
DTEND:20260516T155000Z
DESCRIPTION:Last year at LTDH I did a talk on ClickFix — the fake-CAPTCHA
  trick that gets users to paste malicious commands into the Run dialog. I 
 thought I was done with the topic.\n\nA year on\, ClickFix has grown a fam
 ily. FileFix moves the trick to File Explorer. ConsentFix (APT29) does it 
 through OAuth and bypasses MFA and passkeys without ever touching the endp
 oint. CrashFix deliberately breaks your browser\, then offers the fix. And
  a DPRK-nexus actor used a ClickFix-style fake job interview to compromise
  an Axios maintainer putting 100M weekly npm downloads in the blast radius
 .\n\nPart one: how the family grew up. Part two: how we catch them — SIE
 M queries\, Conditional Access\, browser hardening\, the lot. Part three: 
 why none of this stays solved\, because custom ClickFix GPTs and AI-genera
 ted lures are about to make the next variant cheaper than the last.
DTSTAMP:20260514T144118Z
LOCATION:Track 1
SUMMARY:Meet the Fixers: How One Social Engineering Technique Spawned a Fam
 ily and How to Catch It - Cameron Cottam
URL:https://speak.enusec.org/le-tour-du-hack-2026/talk/VHZED7/
END:VEVENT
END:VCALENDAR
