GoSec 2021

GoSec 2021 (Virtual)

GoSecure is excited to be a platinum sponsor at the upcoming GoSec cybersecurity conference. For over 16 years, GoSec has brought together experts in the information technology security field from multiple sectors. In addition to being a great networking opportunity, this event allows participants to learn about new industry trends by offering more than 30 sessions covering topics such as: audit and governance, risk management, research, and operational security.

Come Join Us

Use our discount code, PlatinumGoSec2021, and save $20 on registration.

Click here to register for GoSec.

———————————————

Event Hours

Wednesday, September 22 – 10:00 AM – 6:00 PM (EDT)
Thursday, September 23 – 10:00 AM – 5:00 PM (EDT)

Booth Activities / Chance to Win

Be sure to stop by our virtual booth to learn how we protect customers against the latest threats and mitigate their risk.

Another reason to stop by our booth is a chance to win a UNA portable grill. Just fill out our survey to be entered.

We hope to see you at GoSec 2021!

GoSecure Workshops

GoSecure will have several hands-on workshops led by our security researchers. These unique and free workshops will allow attendees to learn about new industry trends and topics of interest through a truly hands-on approach.

—————————————————————–

Attacking the Remote Desktop Protocol: a hands-on workshop

Remote Desktop Protocol (RDP) is a prevalent protocol that gained in popularity over the last couple of years due to the pandemic. Indeed, in addition to system administrators, many remote workers are now relying on it to perform duties on remote systems. RDP is secure when well deployed. Unfortunately, it is rarely well deployed and thus clicking through warnings is common.

In this workshop, we will use PyRDP, a monster-in-the-middle (MITM) tool and library we wrote, to demonstrate practical attacks against the RDP protocol. This will enable us to understand where the risks with RDP are.

Olivier Bilodeau | Cybersecurity Research Director at GoSecure

Location: Virtual
Date: Tuesday, September 21

Complete details here.

—————————————————————–

HTTP Request Smuggling Workshop

Load balancers and proxies, such as HAProxy, Varnish, Squid and Nginx, play a crucial role in website performance, and each implements its own HTTP protocol parser. HTTP Request Smuggling (HRS) is an attack that abuses inconsistencies in how different HTTP request parsers determine where a request ends. What might be considered the end of one request by your load balancer might not be considered as such by your web server.

We will see how an attacker can abuse several vulnerable configurations. HTTP Request Smuggling (HRS) enables multiple attack vectors, including cache poisoning, credential hijacking, URL filtering bypass, open-redirect and persistent XSS. For each of these vectors, a payload will be showcased and explained in depth. A live demonstration will also show the vulnerability in action. Aside from exploitation, we will show how developers and system administrators can detect such faulty configurations using automated tools.

For the hands-on section, simple exercises will be given to participants to reproduce the exploitation of this vulnerability. A case of HTTP1 header confusion as well as a more recent variant with the HTTP2 protocol will be exploited. To participate in the workshop section, you will need to be able to install Burp Suite, Docker and Python.

Philippe Arteau | Cybersecurity Researcher at GoSecure

Location: Virtual
Date: Tuesday, September 21

Complete details here.

GoSecure Sessions

Our cybersecurity experts and specialists will be sharing their insights and best practices in the following:

—————————————————————–

The Mass Effect: How Opportunistic Workers Drift into Cybercrime

By focusing on the most visible cybercriminals, our security community often overlooks the impact of massive groups supporting criminal activities. Yet, these groups act like the “mass effect”, where a primary pathology generates an inflating mass that pressures its surroundings, increasing the initial problem’s scale. This research was motivated by a desire to uncover the context and motivations of individuals involved in spreading the Geost banking Trojan, and ended with large-scale statistical analyses of behaviors in an informal online market, one of the largest out there. The market was found to host dubious activities through a hide-in-plain-sight approach.

Masarah Paquet-Clouston | Security Researcher at GoSecure

Date: Tuesday, September 21
Time: 4:00 PM (EDT)

Complete details here.

—————————————————————–

Vulnerability Management – Lessons Learned & Wisdom Earned

Virtually all companies today rely on technology to deliver their products or services, even the old bricks-and-mortar companies. Despite having various needs for their technology, a retail chain, an energy company, and a bank all share one thing in common: the Patch Tuesday, Exploit Wednesday monthly cycle. This talk will look at how various companies solve the patch and scan headache and its growing technical debt.

Randy Martin | Director of Vulnerability Management at GoSecure

Date: Tuesday, September 21
Time: 4:00 PM (EDT)

Complete details here.

—————————————————————–

Governance of an Enterprise Security Testing Program (French)

Scarcity of resources is often an obstacle to putting a complete enterprise security program in place. This presentation aims to explain how to build an enterprise penetration testing program, what the challenges are in recruiting and retaining talent, which rules of engagement to put in place, and how to foster an organizational security culture based on trust and collaboration. By the end of the presentation, the audience should have a better understanding of enterprise testing strategies, of retention, and of setting up a security team.

Laurent Desaulniers | Director Pentesting Services at GoSecure

Date: Tuesday, September 21
Time: 11:00 AM (EDT)

Complete details here.
