Lisandro Ubiedo

Security Researcher

Back to the list of Speakers and Sessions

Lisandro Ubiedo Security Researcher, GoSecure

Lisandro Ubiedo is part of the Cybersecurity Research team at GoSecure. Passionate about all things malware – from reverse-engineering to catching them on-the-go – and doing DevOps to keep attackers entertained. Lisandro also works on programming tools to aid malware analysis and cybersecurity research. He was part of the Aposemat team at Stratosphere Labs doing IoT malware research and as a DevSecOps engineer in multiple companies, while also enjoying CTF challenge solving.


Discussion: Red Team Block

This is a Q&A session. Moderators will take audience questions both remotely and on-site via sli.do.


Hosted panel discussion and Q&A.

Hosted panel discussion and Q&A.

Talk: The Risks of RDP and How to Mitigate Them

Talks will be streamed on YouTube and Twitch for free.


We have been studying and reimplementing parts of RDP for the last three years. This talk is about how to attack and defend against RDP attacks. From MITM and credential capture to secure deployment.

Remote Desktop Protocol (RDP) is the de facto standard for remoting in Windows environments. It grew in popularity over the last couple of years due to the pandemic. Many remote workers are now relying on it to perform duties on remote systems. RDP is secure when well deployed but, unfortunately, that’s rarely the case and thus clicking through warnings is common. We have spent the last 3 years working on and reimplementing parts of RDP in PyRDP, our open-source RDP library. This presentation is about what we have learned and can be applied to attack and defend against RDP attacks.

From an attacker’s perspective, we will cover conventional RDP attacks such as Monster-in-the-Middle (MITM) of RDP connections, capture of NetNTLMv2 hashes and techniques to bypass conventional defense mechanisms such as Network Level Authentication (NLA). Case in point: Did you know that by default all clients allow server-side NLA downgrades right now? This will enable us to understand and identify the risks with RDP.

From the Blue Team’s perspective, we will provide techniques and tools to detect attacks showcased previously. Finally, we will provide step-by-step instructions to deploy an accessible RDP server that is both secure and functional.