GoSec 2021

GoSec 2021 (Virtual)

GoSecure is excited to be a platinum sponsor at the upcoming GoSec cybersecurity conference. For over 16 years, GoSec has brought together experts in the information technology security field from multiple sectors. In addition to being a great networking opportunity, this event allows participants to learn about new industry trends by offering more than 30 sessions covering topics such as: audit and governance, risk management, research, and operational security.

Come Join Us

Use our discount code, PlatinumGoSec2021, and save $20 on registration.

Click here to register for GoSec.

———————————————

Event Hours

Wednesday, September 22 – 10:00 AM – 6:00 PM (EDT)
Thursday, September 23 – 10:00 AM – 5:00 PM (EDT)

Booth Activities / Chance to Win

Be sure to stop by our virtual booth to learn how we protect customers against the latest threats and mitigate their risk.

Another reason to stop by our booth is a chance to win a UNA portable grill. Just fill out our survey to be entered.

We hope to see you at GoSec 2021!

GoSecure Workshops

GoSecure will have several hands-on workshops led by our security researchers. These unique and free workshops will allow attendees to learn about new industry trends and topics of interest through a truly hands-on approach.

—————————————————————–

Attacking the Remote Desktop Protocol: a hands-on workshop

Remote Desktop Protocol (RDP) is a prevalent protocol that gained in popularity over the last couple of years due to the pandemic. Indeed, in addition to system administrators, many remote workers are now relying on it to perform duties on remote systems. RDP is secure when well deployed. Unfortunately, it is rarely well deployed and thus clicking through warnings is common.

In this workshop, we will use PyRDP, a monster-in-the-middle (MITM) tool and library we wrote, to demonstrate practical attacks against the RDP protocol. This will enable us to understand where the risks with RDP are.

Olivier Bilodeau | Cybersecurity Research Director at GoSecure

Location: Virtual
Date: Tuesday, September 21

Complete details here.

—————————————————————–

HTTP Request Smuggling Workshop

Load balancers and proxies, such as HAProxy, Varnish, Squid and Nginx, play a crucial role in website performance, and each of them implements its own HTTP protocol parser. HTTP Request Smuggling (HRS) is an attack that abuses inconsistencies in how different HTTP request parsers determine where a request ends. What might be considered the end of one request by your load balancer might not be considered as such by your web server.

We will see how an attacker can abuse several vulnerable configurations. HTTP Request Smuggling (HRS) enables multiple attack vectors, including cache poisoning, credential hijacking, URL filtering bypass, open redirect and persistent XSS. For each of these vectors, a payload will be showcased and explained in depth. A live demonstration will also show the vulnerability in action. Aside from exploitation, we will show how developers and system administrators can detect such faulty configurations using automated tools.

For the hands-on section, simple exercises will be given to participants to reproduce the exploitation of such a vulnerability. A case of HTTP1 header confusion as well as a more recent variant with the HTTP2 protocol will be exploited. To participate in the workshop section, you will need to be able to install Burp Suite, Docker and Python.

Philippe Arteau | Cybersecurity Researcher at GoSecure

Location: Virtual
Date: Tuesday, September 21

Complete details here.

GoSecure Sessions

Our cybersecurity experts and specialists will be sharing their insights and best practices in the following:

—————————————————————–

The Mass Effect: How Opportunistic Workers Drift into Cybercrime

By focusing on the most visible cybercriminals, our security community often overlooks the impact of massive groups supporting criminal activities. Yet, these groups act like the “mass effect”, where a primary pathology generates an inflating mass that pressures its surroundings, increasing the initial problem’s scale. This research was motivated by a desire to uncover the context and motivations of individuals involved in spreading the Geost banking Trojan, and ended with large-scale statistical analyses of behaviors in an informal online market, one of the largest out there. The market was found to host dubious activities through a hide-in-plain-sight approach.

Masarah Paquet-Clouston | Security Researcher at GoSecure

Date: Tuesday, September 21
Time: 4:00 PM (EDT)

Complete details here.

—————————————————————–

Vulnerability Management – Lessons Learned & Wisdom Earned

Virtually all companies today rely on technology to deliver their products or services, even the old bricks-and-mortar companies. Despite having various needs for their technology, a retail chain, an energy company, and a bank all share one thing in common: the Patch Tuesday, Exploit Wednesday monthly cycle. This talk will look at how various companies solve the patch and scan headache and its growing technical debt.

Randy Martin | Director of Vulnerability Management at GoSecure

Date: Tuesday, September 21
Time: 4:00 PM (EDT)

Complete details here.

—————————————————————–

Governance of an Enterprise Security Testing Program (French)

Scarcity of resources is often an obstacle to putting a complete enterprise security program in place. This presentation aims to explain how to build an enterprise penetration testing program, what the challenges are in recruiting and retaining talent, which rules of engagement to put in place, and how to foster an organizational security culture based on trust and collaboration. By the end of the presentation, the audience should have a better understanding of enterprise testing strategies, of retention, and of setting up a security team.

Laurent Desaulniers | Director Pentesting Services at GoSecure

Date: Tuesday, September 21
Time: 11:00 AM (EDT)

Complete details here.
