2019/03/12 – 2019/03/12
141 Catherine St.
Rescheduled from February.
How do bad actors conduct reconnaissance, initial exploitation, establish persistence, install tools, move laterally, and then collect, exfiltrate and exploit data? Most people think nation states, hostile foreign intelligence agencies and criminals are running their covert operations using zero days, but it’s not that common.
Gaining access to corporate networks and maintaining persistence is almost always done without a zero day; there are so many more vectors that are easier, less risky, and more productive. In a man-on-the-side (MotS) attack the malicious actor can read the traffic and insert new packets, but cannot modify or delete packets sent by other participants. The attacker relies on a timing advantage to make sure that the response he sends to a victim's request arrives before the legitimate response.
This type of attack can be used to disrupt existing communications by sending a perfectly forged TCP packet (correct peer, port, and sequence numbering) with the RST (reset) flag set. This packet is obeyed by the network stack or operating system, which drops the connection. Or it could be used to place malware on the victim’s computer.
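Because the attacker cannot delete the legitimate packets, both the forged and the real traffic reach the victim, and a passive sensor can look for that. The sketch below is an added example, not material from the talk: it flags two segments with the same sequence number but different bytes, and data that keeps arriving from a host after its supposed RST. The Seg record, the function name, and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple

# One observed TCP segment, as a passive sensor would record it (hypothetical layout).
Seg = namedtuple("Seg", "ts src sport dst dport seq flags payload")

def find_injection_candidates(segments, window=2.0):
    """Return (kind, flow, seq) alerts for two man-on-the-side symptoms."""
    alerts = []
    seen = defaultdict(dict)   # flow -> {seq: payload} for data segments
    rst_at = {}                # flow -> timestamp of the first RST seen
    for s in sorted(segments, key=lambda x: x.ts):
        flow = (s.src, s.sport, s.dst, s.dport)   # one direction of a connection
        if "R" in s.flags:
            rst_at.setdefault(flow, s.ts)
            continue
        if not s.payload:
            continue
        # Symptom 1: same sequence number, different bytes. A retransmission
        # repeats the same data; a raced forgery and the real reply do not.
        prev = seen[flow].get(s.seq)
        if prev is not None:
            n = min(len(prev), len(s.payload))
            if prev[:n] != s.payload[:n]:
                alerts.append(("conflicting-data", flow, s.seq))
        else:
            seen[flow][s.seq] = s.payload
        # Symptom 2: the apparent sender of a RST keeps sending data afterwards,
        # which suggests the RST did not come from that host's stack.
        if flow in rst_at and s.ts - rst_at[flow] <= window:
            alerts.append(("data-after-rst", flow, s.seq))
    return alerts

# Constructed sample capture (documentation addresses, not real traffic).
SERVER, CLIENT = "192.0.2.10", "198.51.100.7"
SAMPLE = [
    Seg(1.000, SERVER, 80, CLIENT, 50000, 1000, "PA", b"HTTP/1.1 302 Found\r\n"),
    Seg(1.030, SERVER, 80, CLIENT, 50000, 1000, "PA", b"HTTP/1.1 200 OK\r\n"),  # same seq, other bytes
    Seg(2.000, SERVER, 443, CLIENT, 50001, 5000, "PA", b"\x17\x03\x03"),
    Seg(2.010, SERVER, 443, CLIENT, 50001, 5003, "R", b""),                      # reset
    Seg(2.050, SERVER, 443, CLIENT, 50001, 5003, "PA", b"\x17\x03\x03"),        # still talking
    Seg(3.000, SERVER, 80, CLIENT, 50002, 9000, "PA", b"hello"),
    Seg(3.200, SERVER, 80, CLIENT, 50002, 9000, "PA", b"hello"),                 # plain retransmit
]

if __name__ == "__main__":
    for alert in find_injection_candidates(SAMPLE):
        print(alert)
```

The plain retransmission in the third flow raises no alert, which is the distinction that keeps this check usable on lossy links.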
Patrick Malcolm, President of NetRunner, is a trusted educator to clients like the Department of National Defence, Canadian Security Establishment, IBM, The Royal Bank of Canada, the RCMP High Tech Crime Unit, and the Canadian Police College. An entertaining and knowledgeable storyteller, Patrick combines compelling storytelling with technical facts that engage and give participants a memorable experience.
Members: free, included in your annual dues
During our live demonstration, we will watch these malicious actors perform a packet injection attack, known as a man-on-the-side attack.