Interact with the security community
CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
The conference is single track, with one hour presentations over the duration beginning at 9:00 a.m. The registration fee includes the catered meals, and there will be a vendor display and lounge/eating area, where wireless internet access will be available (as well as in the speaking theater). The conference discount hotel room booking system can be found here.
We are starting to notify CFP submissions. The following presentations have been announced:
- Sandbox Escape with Generous Help from Security Software - Chuanda Ding, Tencent Xuanwu Lab
- Don't Trust Your Eye: Apple Graphics Is Compromised! - Liang Chen and Marco Grassi, Keen Labs Tencent
- Bypassing Different Defense Schemes via Crash Resistant Probing of Address Space - Robert Gawlik
- APT Reports and OPSEC Evolution: These are not the APT reports you are looking for. - Gadi Evron, Cymmetria
January Dojo registration rates finish soon, and we have several courses that have been updated and one new one from Nikhil Mittal, "PowerShell for Penetration Testers" that will have registration online for shortly. These courses have been updated with material to reflect the ever changing information security technoscape:
- Stephan Esser's iOS/OSX Dojo has been updated with information on Apple's latest El Capitan, and the modifications to their security model it introduces.
- Marc Schoenefeld's Java security course has been refreshed with the latest advances.
- Both Marc Heuse's and Guillaume Valadon's complementary IPv6 security trainings have updated.
- Andrea Barisani's and Andrej Rosano's ARM Trust zone course has been updated witht heir latest advances from their USB Armory R&D.
- Adam Laurie has updated his RFID/NFC course material with new advances.
- Brandon Niemczyk and Jonathan Andersson, have improved even further their applied lab excercises for their SDR course.
- Dawid Czagan has added the latest web hacking techniques to his course.
The dojo registration links are active, including three new two day courses and one revamped four day course, as well as our regular lineup of excellent material taught by industry luminaries to empower your security technology level. Two sessions of a course on securing hardware called Applied Physical Attacks on x86 Systems from Joe Fitzpatrick are available, and our regular instructors Scott Lambert and Jason Geffner, who also do the Introductory and Advanced Malware Deobfuscationr courses, have a new course about Nation-State Sponsored Targeted Attacks, which is very timely as this has emerged as a new significant threat vector recently. John Butterworh is offering a new course on securing UEFI BIOS in Introductory BIOS & SMM Attack & Defense and Saumil Shah has updated his always popular four day Exploit Lab course to focus on the ARM platform in the ARM Exploit Lab which is also emerging as an important new area of security technology.
Joe's hardware course Applied Physical Attacks on x86 Systems
Applied Physical Attacks on x86 Systems This course introduces and explores attacks on several different relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. The course has several modules: USB, SPI/BIOS, I2C/SMBus, PCIe, and JTAG. Each begins with an architectural overview of an interface, and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or directly to root shells. Based on the pace and interest of the attendees, not all material may fit in 2 days but will still be available to attendees.
Scott and Jason's APT analysis course Nation-State Sponsored Targeted Attacks
RSA, Google, The New York Times, Lockheed Martin, Coca-Cola, Northrop Grumman, The Wall Street Journal, Kaspersky, the list goes on and on of companies that have been recently infiltrated via Advanced Persistent Threats (APTs). Nation-state adversaries and organized crime groups have been waging a digital war on major companies and government agencies over the last several years and the quantity and complexity of these attacks continues to accelerate at a rapid pace. In order to prevent and respond to APTs, it is critical to understand the attackers' motives and methods. This course follows the theatrical narrative of a fictional attack on a major defense contractor and puts the student in the action seat. Students work with a team of supporting characters throughout the class in order to analyze and learn about the tactics, techniques, and procedures used during an APT intrusion. This is a hands-on course. Attendees will analyze real-world malware used by real-world nation-state adversaries during the APT response in order to track down the adversary behind the attack and understand the havoc wreaked on the victim's network.
John Butterworth's Introductory BIOS & SMM Attack & Defense
UEFI BIOS is firmware where the sophisticated attacker can live unseen and unfettered. This class covers why the BIOS is critical to the security of the platform. It will also show you how the BIOS may be compromised and what capabilities and opportunities are provided to the attacker when it is. You will be provided tools for performing vulnerability analysis on firmware, as well as firmware forensics. Additionally, this class will introduce people UEFI firmware reverse engineering. This can be used either for vulnerability hunting, or analyzing suspected implants found in a UEFI BIOS, without having to rely on anyone else.
Saumil Shah's ARM Exploit Lab
ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The all new ARM Exploit Laboratory is a 4-day intermediate level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers everything from an introduction to ARM assembly all the way to Return Oriented Programming (ROP) on ARM architectures. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM Linux and Windows environments. The 4-day format features lots of hands-on exercises allowing students to internalize concepts taught in class.
We have special rate for our conference attendees at Sheraton Wall Centre (our conference hotel).
If you would like to take this opportunity, please go to the link below and reserve your room, then you should be able to get the room with conference special rate which is CDN $175/night (the price includes high speed internet connection in your room plus additional benefits as below).
We sell out all of the rooms every year and we will close the link pretty soon, so please make sure to book your room early enough.
Guests who book from our group rate can get these benefits(not applicable for out of block bookings):
- Complementary Hi-Band in room Internet (4Mbps, Regular price additional $18.95 per night)
- Complementary Bottled water within guestrooms for the duration of the conference (Valued at $10 per day)
- Complementary Communication bundle (includes HSIA, local/1-800 calls) for each guestroom (Valued at $1.60 access charge for calls up to 60 minutes and $0.10 for each additional minute up to 90th minute)
- A voucher to use in Cafe One or Bar One (in the hotel) for a 10% discount off the menu (excludes alcohol)
- Complimentary Health Club Access
- Free of charge cancellation until the day of arrival 6pm
- Earn SPG points
Have a Happy New Year from us to all of you, your families, and friends. Speaker Proposals are being reviewed, Dojo classes will be announced and available for registration, and rooms are available at the CanSecWest conference hotel.
The PWN2OWN 2015 rules are available here. The contest will run concurrently to the conference in the Pwn2Own room on March 18th - 19th. Prizes from HP range from $25,000 to $75,000 with an additional $10,000 for exploitation of Chrome provided by Google Project Zero. Registration via email at email@example.com closes at 5pm PST March 16th, 2015. Total prizes (cash and non-cash) this year total more than one million dollars.
We have special rate for our conference attendees at Sheraton Wall Centre (our conference hotel), however currently our hotel is sold out for Mar 17-20.
As an alternate have another great hotel, The Sutton Place Hotel, a block from the conference hotel with same rate including internet connection in your room.
You can book on line at www.suttonplace.com -- GROUP CODE: VAN_CANSECWEST15
Or via Telephone: 1-866-378-8866 (toll-free in Canada and Continental USA)
Or via Email: firstname.lastname@example.org
Changes or cancellations for individual reservations must reach the Reservations Department 48 hours prior to the arrival date to avoid penalty of one nights room and tax.
If you still would like to stay at our conference hotel and willing to put your name on the waiting list, please send an email to: email@example.com with check-in, out dates, and all of the names of the guest/guests.