Workshops

We are excited about our virtual workshops for this year’s GoSec. These unique and free workshops let attendees learn about new industry trends and topics of interest through a truly hands-on approach. Register for GoSec and you get access to all workshops.

How to Register

Since space is limited for each of these free workshops, we recommend that you register via the virtual event platform as soon as you receive your access.

Attacking the Remote Desktop Protocol: a hands-on workshop

Remote Desktop Protocol (RDP) is a prevalent protocol that gained popularity over the last couple of years due to the pandemic. Indeed, in addition to system administrators, many remote workers now rely on it to perform duties on remote systems. RDP is secure when well deployed. Unfortunately, it is rarely well deployed, and thus clicking through certificate warnings is common.

In this workshop, we will use PyRDP, a monster-in-the-middle (MITM) tool and library we wrote, to demonstrate practical attacks against the RDP protocol. This will enable us to understand where the risks with RDP are.

Session Duration:

2 hours

Session Agenda:

  • Install the tool
  • Perform an eavesdropping monster-in-the-middle attack
  • Watch previously recorded sessions
  • Use the interactive player to crawl client filesystem
  • Perform a hijacking monster-in-the-middle attack
  • Extract private RDP keys from Windows and use them in PyRDP

Prerequisites:

  • A computer with 16GB of RAM and ~100GB of disk space (for the VMs)
  • A Linux VM or host (preferably Ubuntu)
  • A functional Windows VM

Please make sure to have the prerequisites ready before the start of the workshop since only installing and booting the VMs would take most of the 2-hour session!

Audience:

System administrators and security analysts

Speaker

Olivier Bilodeau

Cybersecurity Research Director at GoSecure

Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 12 years of infosec experience, Olivier runs honeypots, reverse-engineers binaries, and programs malware analysis tools. He authored several important AV industry reports like Dissecting Linux/Moose, Operation Windigo (about the Ebury malware) and Ego-Market: When Greed for Fame Benefits Large-Scale Botnets. Passionate communicator, Olivier has spoken at several conferences like RSAC USA, BlackHat USA/Europe, DefCon, 44CON, NorthSec, Botconf, SecTor, Derbycon, AtlSecCon and more. Invested in his community, he co-organizes MontréHack — a monthly workshop focused on applied information security — and he runs NorthSec’s Hacker Jeopardy.

How To Create a Successful Security Awareness Program

Learn how the proven Security Awareness 5-Step Framework is leveraged by organizations globally to effectively implement a security awareness program that generates measurable results. This workshop will help security awareness leaders design a personalised program for their organization while considering the following elements and questions:

  • How to design a program that will provide the highest participation rate and best results
  • How to best deploy the program to new hires, and how to identify audiences for role-based training
  • What the best frequency, format and length are for awareness activities
  • Leveraging phishing simulations to improve high risk user behaviours
  • New threats and risks users and organizations face in a work from home environment

Speaker

Theo Zafirakos

CISO and Professional Services Security Awareness Speaker at Terranova Security

Theo is an experienced CISO, trusted cyber security advisor, and expert in security awareness strategy, governance, privacy, and more.

He works with security leaders worldwide to help identify, evaluate, and manage security awareness strategies that align with their organizational objectives. He’s also responsible for internal cyber security policies and awareness initiatives at Terranova Security.

Theo leads the Terranova Security Professional Services team in the implementation and execution of robust, personalized security awareness training campaigns. Using a proven 5-step framework, he enables organizations to establish powerful, scalable training programs that target and change specific user behaviors. He also helps organizations assess their security awareness training program’s success with actionable metrics that facilitate long-term optimization and growth.

Before joining Terranova Security, Theo spent 20 years at Canadian National Railway (CN), a leading North American transportation and logistics company. In his role as CISO, he was responsible for the information security and governance strategy. He also led the Corporate Information Security Unit, where his mandate was to ensure that the right security program and controls were enforced throughout the organization.

Theo regularly speaks about security awareness and phishing simulation training at in-person and virtual industry events. He lives in Montreal, QC, and enjoys traveling, cooking, building Legos, and spending time with his family.

HTTP Request Smuggling Workshop

Load balancers and proxies, such as HAProxy, Varnish, Squid and Nginx, play a crucial role in website performance, and each of them implements its own HTTP protocol parser. HTTP Request Smuggling (HRS) is an attack that abuses inconsistencies in how different HTTP parsers decide where a request ends. What your load balancer considers the end of one request might not be considered as such by your web server.

We will see how an attacker can abuse several vulnerable configurations. HTTP Request Smuggling (HRS) enables multiple attack vectors, including cache poisoning, credential hijacking, URL filtering bypass, open redirect and persistent XSS. For each of these vectors, a payload will be showcased and explained in depth, and a live demonstration will show the vulnerability in action. Aside from exploitation, we will show how developers and system administrators can detect such faulty configurations using automated tools.

For the hands-on section, simple exercises will be given to participants to reproduce the exploitation of such a vulnerability. A case of HTTP/1 header confusion as well as a more recent variant involving the HTTP/2 protocol will be exploited. To participate in the workshop section, you will need to be able to install Burp Suite, Docker and Python.
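As an added illustration of the HTTP/1 header confusion described above (example code written for this page, not the workshop's material): a constructed byte stream carrying both Content-Length and Transfer-Encoding is split into a different number of requests depending on which header a parser honours, and the defensive check a proxy should apply is to refuse to forward any message that carries both.

```python
# Constructed traffic for this example: one POST whose Content-Length
# covers the whole remaining stream, while its chunked body ends right
# away, so a chunked-first parser sees a second (smuggled) GET.
TAIL = b"0\r\n\r\nGET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
STREAM = (
    b"POST / HTTP/1.1\r\nHost: example.test\r\n"
    b"Content-Length: %d\r\nTransfer-Encoding: chunked\r\n\r\n" % len(TAIL)
) + TAIL


def parse_headers(buf):
    """Return (request line, lower-cased header dict, bytes after the headers)."""
    head, _, rest = buf.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest


def chunked_body_len(rest):
    """Length of a chunked body, i.e. the offset just past the terminating 0-chunk."""
    pos = 0
    while True:
        size_end = rest.index(b"\r\n", pos)
        size = int(rest[pos:size_end].split(b";")[0], 16)
        pos = size_end + 2 + size + 2  # size line, data, trailing CRLF
        if size == 0:
            return pos


def split_requests(buf, prefer):
    """Split a stream into request lines, framing bodies by 'cl' or 'te'.
    A front-end honouring Content-Length and a back-end honouring
    Transfer-Encoding disagree on where the first request ends."""
    reqs = []
    while buf:
        line, headers, rest = parse_headers(buf)
        if prefer == "te" and b"transfer-encoding" in headers:
            n = chunked_body_len(rest)
        elif b"content-length" in headers:
            n = int(headers[b"content-length"])
        else:
            n = 0
        reqs.append(line)
        buf = rest[n:]
    return reqs


def is_ambiguous(headers):
    """Mitigation check: a request with both framing headers has no single
    length; reject it (or strip Content-Length) before forwarding."""
    return b"content-length" in headers and b"transfer-encoding" in headers
```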

By the end of this workshop, security enthusiasts from any level will have solid foundations to mitigate request smuggling, a vulnerability that has greatly evolved in the past 15 years.

Reasons why the proposed topic is innovative:
Request Smuggling has been trending in the past two years and is new compared to other application vulnerabilities. This workshop introduces newcomers to the subject. The goal is to focus on the main attack vectors (credential hijacking, URL filtering bypass and persistent XSS) and their impact rather than showing many payload variations. The workshop will also showcase real applications for participants to experiment with, something that cannot be found elsewhere at the moment.

Speaker

Philippe Arteau

Cybersecurity Researcher at GoSecure

Philippe is a security researcher at GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.