Security BSides Prague 2026

Decrypting agent–server communications is not a subject that can be easily researched (limited information available). Either you find corner cases debugging a binary or quite simple examples using Burp. This workshop covers them all and opens new topics that might be expanded in the future.

Description
Usually, as a pentester or a defender, when it comes to agent-server communications, we always struggle to intercept the data shared between peers. Sometimes, vendors include MITM support or provide an option to disable encryption. However, this is not as common as one might expect. Security by obscurity is still a thing and cannot be easily defeated. Nevertheless, as pentesters, finding workarounds is our job — and that’s the goal of this workshop.

During the workshop, attendees will: - Get a clear overview of the different encryption mechanisms used in the wild (HTTP, HTTPs, TCP, TLS over TCP, mutual TLS). - Learn how to circumvent each of them based on the characteristics of the binary and the protocols used: - Is the binary using HTTP or TPC? - Is it a Golang compiled? - Can we use our own self-signed certificate? - If not, do we have access to the legitimate CA? - Use Frida to dig deeper into more complex situations like mutual TLS. - Learn by practicing with custom binaries per protocol. - Obtain a mindmap for each scenario to speed up their tests - Intercept fast, test faster! - Apply this mindmap for facing a real world tool like Sliver (C2 framework).

If time permits, an extra binary will be launched at the end of the workshop as a miniCTF challenge.

Note: Slides and binaries used during the workshop will be available on GitHub.