19 décembre 2018

In this post, we describe the new RDP man-in-the-middle and library project we developed and open sourced. Our MITM features a file stealer, a clipboard stealer and the ability to watch RDP sessions either live or after the fact. It is used as part of our RDP honeypot. In this post, we also describe an incident with a malicious user that infected our honeypot.

22 mars 2016

As a follow-up to the conference given at Confoo few weeks ago, we are doing a focus article on the same topic. The presentation was giving an overview of the modern XSS attack vectors and filter bypass. In this blog post, we will take a closer look at XSS in the context of .NET applications.

This article is intended to be a simple checklist for ASP.net MVC developers or security auditors. Defensive measures can be put in place at various layers including the template files (Razor or ASPx Forms), the Request Validation feature and the client-side (browser) filters.

26 février 2016

At GoSecure we believe that improving the security posture of Canadian companies has to happen through better security awareness and education of IT professionals.

This is why that, in addition of running our own conference GoSec in Montreal, we are major sponsors of top community conferences like AtlSecCon (Halifax, NS) and NorthSec (Montreal, QC).

13 janvier 2016

Our own Olivier Bilodeau will be presenting with Thomas Dupuy of ESET Canada Reseach about malware affecting "Internet of Things" (IoT) devices. A free event hosted by OWASP Montréal in downtown Montreal.