Welcome to the Jumble: Improving RDP Tooling for Malware Analysis and Pentesting

DerbyCon 9.0 - Finish Line

Presented by: Émilio Gonzalez, Francis Labelle
Date: Sunday September 08, 2019
Time: 14:00 - 14:45
Location: Track 2

The RDP protocol has a wide variety of interesting features, yet no tool supported the full complexity of the protocol for information security purposes. To address this, we created PyRDP, an open-source, general-purpose RDP man-in-the-middle (MITM) tool. It allows complete interception of RDP sessions, with offensive capabilities and advanced features for analyzing such sessions, such as listing the client's drive contents and saving the transferred files and clipboard content. This opens the door to new techniques in malware research and pentesting for a protocol that is increasingly examined by security researchers. We will demonstrate this by showing replays of a bad actor we caught using PyRDP. The talk will also give recommendations for mitigating the risk of MITM attacks on a network.

Émilio Gonzalez, Francis Labelle

Francis and Émilio are undergraduate students from (respectively) École de Technologie Supérieure and Université de Sherbrooke in Canada. Both have a strong interest in information security and are involved with their university's computer science club. Francis participates competitively in several CTF competitions with the DCIETS team and is interested in the offensive side of cybersecurity. Émilio organizes several computer science-related events for the students of his university and likes to learn about the defensive side of cybersecurity.
