index.adoc

GoSecure’s Presentation Material

Note	PDFs are a degraded experience over the linked (HTML) slide decks when available.

2023

BSides Augusta

• From RDP To D&D: Unparalleled Remote Desktop Monitoring Reveal Attackers' Tradecraft by Olivier Bilodeau

2022

Human Factor in Cybercrime

• Identifying Offenders Through their Passwords: The Similarity and Difference Between Network of Users by Andréanne Bergeron

Americain Society of Criminology

• A Password Strategy Taxonomy to Reveal the Difference Between Offender and Non-Offender Strategies by Andréanne Bergeron

HackFest

• Se fait hacker qui croyait hacker: L’analyse des mots de passe des pirates informatiques (in French) by Andréanne Bergeron

• Purple RDP: Red and Blue Tradecraft around the Remote Desktop Protocol by Olivier Bilodeau

SecTor

• Purple RDP: Red and Blue Tradecraft around the Remote Desktop Protocol by Olivier Bilodeau

BSides Montreal

• You Are Your Password: Understanding How Your Network and Interests Influence Your Password’s Creation Strategy by Andréanne Bergeron

GoSec

• Research Outlook: What has not changed with Social Media Manipulation Driven by Malware? by Masarah Paquet-Clouston and Olivier Bilodeau

• Hackers Get Your Data Through Weak Passwords Practices: Understanding Why and How to Improve Password Protection by Andréanne Bergeron

• Workshop: Attacking the Remote Desktop Protocol by Olivier Bilodeau

• Workshop: Malicious Network Data Analysis Using Open-Source Tools by Olivier Bilodeau

NorthSec

• Tell Me Where You Live And I Will Tell Your P@ssw0rd: Understanding The Macrosocial Factors Influencing Password’s strength by Andréanne Bergeron

• The Risks of RDP and How to Mitigate Them by Olivier Bilodeau and Lisandro Ubiedo

AtlSecCon

• The Risks of RDP and How to Mitigate Them by Olivier Bilodeau and Lisandro Ubiedo

Confoo

• Privacy pitfalls for your web application by Philippe Arteau

2021

Intent Summit

• Introduction to Request Smuggling (Workshop) by Philippe Arteau

BlackHat USA

• PyRDP: Remote Desktop Protocol Monster-in-the-Middle (MITM) by Olivier Bilodeau

HackFest

• SQL Injection Is Still Alive - From a Mall’s Interactive Terminal to AWS WAF Bypass by Marc Olivier Bergeron

GoSec

• Attacking the Remote Desktop Protocol - A Hands-On Workshop by Olivier Bilodeau

NorthSec

• Request Smuggling 101 by Philippe Arteau

OWASP Toronto

• Unicode vulnerabilities that could byͥte you (New version) [video] by Philippe Arteau

2020

December #GoSecureGift

• Advanced XXE Workshop by Philippe Arteau

Hackfest 2020

• Template Injection in Action [video] by Philippe Arteau

NorthSec 2020

• Advanced Binary Analysis Workshop by Alexandre Beaulieu

• Unicode vulnerabilities that could byͥte you by Philippe Arteau

RSAC USA 2020

• GoSecure’s Open Source Contributions to Malware Analysis, Code Hardening and RDP Snooping by Olivier Bilodeau [ PDF ]

2019

CERT-EU 2019

• Behind The Scenes: The Industry Of Social Media Manipulation Driven By Malware by Olivier Bilodeau & Masarah Paquet-Clouston

Hackfest 2019

• Dark What? Démystifier le buzz via la présentation d’un outil open-source et l’analyse des données trouvées by Félix Lehoux

SecTor 2019

• Behind The Scenes: The Industry Of Social Media Manipulation Driven By Malware [ video ] by Olivier Bilodeau & Masarah Paquet-Clouston

• OWASP Find Security Bugs: The community static code analyzer [ video ] by Philippe Arteau

OWASP Global AppSec DC 2019

• OWASP Find Security Bugs: The community static code analyzer by Philippe Arteau

DerbyCon 2019

• Welcome to the Jumble: Improving RDP Tooling for Malware Analysis and Pentesting [ PDF ] by Francis Labelle and Émilio Gonzalez

BlackHat 2019

• Arsenal Presentation: PyRDP - Python 3 Remote Desktop Protocol Man-in-the-Middle (MITM) and Library [ PDF ] by Francis Labelle and Émilio Gonzalez

Hack In Paris 2019

• Advanced XXE Exploitation Workshop Exercises : [1], [2], [3], [4], [5] by Philippe Arteau

NorthSec 2019

• Welcome to the Jumble: Improving RDP Tooling for Malware Analysis and Pentesting [ Video demo 1, Video demo 2, PDF] by Francis Labelle and Émilio Gonzalez

Atl Sec Con 2019

• History of Deserialization by Philippe Arteau

Confoo Montreal 2019

• Cache Me If You Can: Exposing your application using caching features by Philippe Arteau

2018

SecTor 2018

• Malboxes: Make Malware Analysis More Accessible [ PDF, Video Recording ] by Olivier Bilodeau

44Con 2018

• Machine Learning to the rescue of code review by Philippe Arteau

Atl Sec Con 2018

• Machine Learning Workshop: Orange is the new Hack by Philippe Arteau

Confoo Montreal 2018

• Security boot camp for .NET developers by Philippe Arteau

2017

Confoo Vancouver 2017

• Modern XSS: The modern protections (and bypasses) v.2.0 by Philippe Arteau

HackFest 2017

• Lessons Learned Hunting Internet of Things Malware by Olivier Bilodeau

• Beating the Disinformation Drift Facts about the AlphaBay Market by Masarah Paquet-Clouston

• Static-Analysis: Now you’re playing with power by Philippe Arteau

Montréal JUG - Janvier 2017

• La sécurité Java en 2017 by Philippe Arteau

2016

Botconf 2016

• Attacking Linux/Moose 2.0 Unraveled an EGO MARKET by Masarah Paquet-Clouston and Olivier Bilodeau [ video ]

• Lightning Talk: Malboxes by Olivier Bilodeau

HackFest 2016

• Abusing PHP 7’s OPcache to Spawn Webshells by Ian Bouchard [ video ]

BlackHat Europe 2016

• EGO MARKET: When Greed For Fame Benefits Large-Scale Botnets by Masarah Paquet-Clouston and Olivier Bilodeau [ video, blog post, paper ]

44Con 2016

• Workshop: Hunting Linux Malware for Fun and $flags by Marc-Etienne M.Léveillé and Olivier Bilodeau [ recent video, original video now offline ]

• Workshop: Advanced Java Application Code Review by Philippe Arteau [ sources, slides, original video now offline ]

• Malboxes Lightning Talk (22 minutes) by Olivier Bilodeau [ video ]

NorthSec 2016

• Applying DevOps Principles for Better Malware Analysis by Olivier Bilodeau and Hugo Genesse [ video, PDF ]

AtlSecCon April 2016

• Enumerating PE File Structure Security Protections and Custom Base 64 Steganography by Lilly Chalupowski [ PDF, Badger project, Chameleon project ]

• Internet of {Things,Threats} by Olivier Bilodeau and ESET’s Thomas Dupuy [ PDF ]

• The new wave of Deserialization Bugs by Philippe Arteau

Confoo February 2016

• Modern XSS: Protections (and bypasses) by Philippe Arteau [ Demos ]

OWASP Montreal January 2016

• Internet of {Things,Threats} by Olivier Bilodeau and ESET’s Thomas Dupuy [ PDF ]