Attacking the Remote Desktop Protocol: a hands-on workshop

Remote Desktop Protocol (RDP) is a prevalent protocol that gained popularity over the last couple of years due to the pandemic. Indeed, in addition to system administrators, many remote workers now rely on it to perform duties on remote systems. RDP is secure when well deployed. Unfortunately, it is rarely well deployed, and so clicking through certificate warnings is common.

In this workshop, we will use PyRDP, a monster-in-the-middle (MITM) tool and library we wrote, to demonstrate practical attacks against the RDP protocol. This will enable us to understand where the risks with RDP are.

Session duration: 2 hours

Session agenda:
● Install the tool
● Perform an eavesdropping monster-in-the-middle attack
● Watch previously recorded sessions
● Use the interactive player to crawl client filesystem
● Perform a hijacking monster-in-the-middle attack
● Extract private RDP keys from Windows and use them in PyRDP

Prerequisites:
● A computer with 16GB of RAM and ~100GB of disk space (for the VMs)
● A Linux VM or host (preferably Ubuntu)
● A functional Windows VM

Please make sure to have the prerequisites ready before the start of the workshop since only installing and booting the VMs would take most of the 2-hour session!

Audience: System administrators and security analysts

Olivier Bilodeau

Cybersecurity Research Director at GoSecure

Malicious Network Data Analysis Using Open-Source Tools

Fully understanding a botnet often requires a researcher to go beyond standard reverse-engineering practice and explore the malware’s network traffic. The latter can provide meaningful information on the evolution of a malware’s activity. However, it is often disregarded in malware research due to time constraints and publication pressures.

The workshop is about overcoming such constraints by providing a powerful workflow for quick analysis of malicious traffic. The data science approach presented capitalizes on open-source tools (Wireshark/Tshark, Bash with GNU parallel) and valuable Python libraries (Pandas, NumPy and Plotly). During the workshop, participants will do practical technical labs with datasets created during a botnet investigation. They will learn how to quickly find patterns, plot graphs and interpret data in a meaningful way. Although the exercises will focus on botnet data, the tools and skills learned will be useful in all sorts of contexts. Moreover, to ensure that participants get the most out of the workshop, it is built in a way that allows them to easily replicate the data analysis environment at home and reproduce similar analyses with their own traffic data.

Duration of the workshop: 2 hours

Workshop Outline:
The workshop will be divided into three sections. The first section will present the contextual information participants need to start the practical technical labs. The second section will focus on scaling pcap data extraction and analysis. The third section will emphasize graphs and the use of the Python libraries to analyze a large amount of traffic.

Section 1 – Contextual Information

Section 2 – Pcap data extraction and analysis

  • Lab 1 – Extract SOCKS Traffic with Tshark (Wireshark’s command-line interface)
  • Lab 2 – Introduction to Jupyter notebook and its shell integration (xargs, parallel)

Section 3 – Data manipulation and graphs

  • Lab 3 – Manipulate dataframes with network traffic with Pandas
  • Lab 4 – Graph data using Plotly

We will provide a hosted environment in which the tools (tshark, Bash, GNU parallel, Jupyter notebook, Pandas, NumPy, Plotly) will be installed and the notebooks, data and exercises will all be available.

Olivier Bilodeau

Cybersecurity Research Director at GoSecure

Optimizing the Workforce for Cyber Crisis Resilience — An Interactive Simulation

As we continue to evolve our corporate defenses, even the best crisis response plans struggle to account for the human element. The performance of your technology might be a known quantity, but what about your human capabilities? This interactive session will test organization-wide decision-making skills using a realistic cyber crisis.

Join Immersive Labs for this interactive session to:

  • Understand the business impact of technical choices, stakeholder management actions and more
  • See real time data on the effects of decisions on crisis management and response
  • Strengthen your organization on both sides for greater resilience

Luke Kmiotek

Sales Engineer at Immersive Labs

Danielle Riley

Senior Channel Sales Manager at Immersive Labs