CanSecWest 2022 Hybrid Conference

Our second ever offering of both in-person and on-line of the CanSecWest conference. Eighteen Dojos were offered over five days (May 14 to 18, 2022). Eighteen presentations and six workshops were offered over three days (May 18 to 20, 2022).

List of Presentations

For descriptions of the presentations and presenters please follow this link.

• [KEYNOTE] A Brief and Mostly Incorrect History of Fully-Remote Mobile Vulnerabilities, Natalie Silvanovich

• [KEYNOTE] Is the Future of AppSec Human?, David Brumley

• Launching EMUX - A framework for emulating ARM and MIPS IoT Devices, Saumil Shah

• Project TEMPA - Demystifying Tesla's Bluetooth Passive Entry system, Martin Herfurt

• Bad ALAC: One codec to hack the whole world, Slava Makkaveev and Netanel Ben Simon

• Bypassing Falco: Cluster Compromise without Tripping the SOC, Shay Berkovitch

• FirmWire: Taking Baseband Security Analysis to the Next Level, Dominik Maier, Marius Muench and Grant Hernandez

• Kubernetes Attack and Defense: Break Out and Escalate!, Jay Beale

• Defeating Stack Canaries and Memory Safety with Speculative Execution, Andrea Mambretti and Anil Kurmus

• Talk to Your Doctor About If Protocols are Right for You: Vulnerabilties in HL7 Protocols, Zachary Minneker

• Securing the 3rd Party Software Life Cycle, Kesav Nimmagadda and Neha Shukla

• Thanks for Leaving the Lights On, Adam Doherty

• When eBPF meets TLS! by Guillaume Valadon

• The Printer goes brrrr by Rémi Jullian, Thomas Jeunet and Mehdi Talbi

• PWN Windows: From Low to System Privilege via RASMAN Service by Ziming Zhang

• Matryoshka Trap: Recursive MMIO Flaws Lead to VM Escape by Qiuhao Li and Gaoning Pan

• Exploiting Relational and Non-Relational Java Databases by Xu Yuanzhen and Chen Hongkun

• Mystique Hits: Vulnerability Chain that breaks the Android Application Sandbox by the Dawn Security Group

List of Workshops

For more details, please follow this link.

• Hands On EMUX: Emulating ARM and MIPS IoT Firmware by Saumil Shah

• Practical Mobile App Attacks by Example by Abraham Aranguren

• Security Lessons From COVID-19 by Rob Slade

• An Introduction to ARM Assembly and Shellcode by Saumil Shah

• Practical CodeQL for Auditors, Agustin Gianni

• Hacking Javascript Desktop Apps with XSS and RCE, Abraham Aranguren

List of Dojos

For a greater level of details, please follow this link. The names of the dojos and their presenters follows below.

• x86-64 OS Internals by Xeno Kovah

• x86-64 Intel Firmware Attack & Defense by Xeno Kovah

• x86-64 All You Can Learn Buffet! by Xeno Kovah

• x86-64 Assembly by Xeno Kovah

• C/C++ Implementation Vulnerabilities by Xeno Kovah

• Cognitive Security: Defending against Misinformation, Disinformation and Other Information Harms by SJ Terp and Pablo Breuer

• Assessing and Exploiting Control Systems and IIoT by Justin Searle

• Evil Mainframe: Mainframe Hacking for Penetration Testers by Phil Young

• Heap Exploitation by Maxwell Dulin and Zachary Minneker

• Automated Program Analysis using Machine Learning by Hahna Kane Latonick

• Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation by Dawid Czagan

• Advanced Penetration Testing: Mastering Web Attacks with Full-Stack Exploitation by Dawid Czagan

• Web Hacking Secrets: How to Hack Legally and Earn Thousands of Dollars at HackerOne by Dawid Czagan

• Windows Kernel Exploitation Advanced Training by Ashfaq Ansari

• Windows Kernel Exploitation Foundations by Ashfaq Ansari

• Hacking JavaScript Desktop apps: Master the Future of Attack Vectors by Abraham Aranguren and Anirudh Anand

• Hacking Android & iOS apps by Example by Abraham Aranguren, Abhishek J M, Anirudh Anand and Juan Urbano Stordeur

• Reproducing Zero-Days with Mayhem by Nathan Jackson