Interact with the security community
CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
The conference is single track, with one hour presentations over the duration beginning at 9:00 a.m. The registration fee includes the catered meals, and there will be a vendor display and lounge/eating area, where wireless internet access will be available (as well as in the speaking theater). The conference discount hotel room booking system can be found here.
2014-03-05-19:15:00 Agenda and Keynote Honorable Diane Finley and Whistler Post Conference Trip Detail
The mostly final agenda is now up.
Speaking of which, we are honored to announce a keynote presentation on Thursday from the Hon. Diane Finley, Canadian Federal Minister of Public Works and Government Services. She will giving a presentation on the Federal Government's information security efforts and how commercial companies can participate and assist their plans.
We have the final configuration for Whistler cabins for the Post CanSecWest Whistler Decompression starting March 14. We have 7 cabins (majority 4 bedroom, and two three bedroom) in the village itself. All of the cabins are set up for Friday March 14 arrival except for one with Saturday March 15 arrival. Cabins are available for three four and five night stays. Room costs will be $200/night for those staying over two nights, and $250/night for shorter staysi (these prices are per room, double occupancy is possible with most rooms). All are within walking distance of the lifts (but we'll have folks with larger cars to shuttle the less motivated), and stumbling distance of each other. Contact secwest14 [at] cansecwest.com to join and reserve your spot, please include a contact telephone number, your preferred stay dates, desired social boisterous level (ranging from hot tub track, to serious skier/boarder)i, and if you need a ride up or can take extra passengers with luggage in your transport.
See you all next week -- The CanSecWest Team
2014-01-24-16:50:00 Speakers PWN2OWN and Chromium
Some agenda announcements:
- Presentations announced so far to be scheduled (more announcements and abstracts coming shortly):
- Copernicus 2, SENTER the Dragon - Xeno Kovah, John Butterworth, Corey Kallenberg, Sam Cornwell; MITRE
- All Your Boot Are Belong To Us - Corey Kallenberg, Yuriy Bulygin, Andrew Furtak, Oleksandr Bazhaniuk, John Loucaides, Xeno Kovah, John Butterworth, Sam Cornwell ; from Intel and MITRE
- Outsmarting Bluetooth Smart - Mike Ryan ; iSEC Partners
- The Real Deal of Android Device Security: the Third Party - Collin Mulliner , Jon Oberheide ; Northwestern University, Duo Security
- Hacking 9/11 - The next is likely to be even bigger with an ounce of cyber - Eric Filiol ; Operational Cryptology and Virology Lab EISEA
- No Apology Required: Deconstructing Blackberry10 - Zach Lanier, Ben Nell ; Duo Security & Accuvant
- USB Flash Storage Threats and Threat Mitigation in an Air-Gapped Network Environment - George Pajari, HCIS
- ROPs are for the 99%: A revolutionary bypass technology - Yang Yu a.k.a. "tombkeeper"; NSFOCUS Labs
- Advanced Exploit Detection - Haifei Li, Bing Sun ; McAfee a.k.a. Intel Security
- Intelligent Use of Intelligence: Design to Discover - Ping Yan ; OpenDNS
- Concurrency: a problem and opportunity in the exploitation of memory corruptions - Ralph-Philipp; Comsecuris
- The Art of Leaks: The Return of Heap Feng Shui - Tao Yan "ga1ois" ; NSFOCUS Labs
- Exploring RADIUS - Brad Antoniewicz ; Foundstone/McAfee/Intel
- Revisiting iOS Kernel (In)Security - Tarjei Mandt ; Azimuth Security
- Combating the Advanced Memory Exploitation Techniques: Detecting ROP with Memory Information Leak - Stanley Zhu and Chong Xu ; McAfee
- Platform Firmware Security Assessment with CHIPSEC - John Loucaides, Yuriy Bulygin ; Intel
- Less is more, Exploring code/process-less techniques and other weird-machine methods to hide code (and how to detect them) - Shane Macaulay ; Ioactive
The PWN2OWN rules for this year will be announced shortly, and the Google folks have come up with a $2.71828 million prizes allowance for Chromium 4 at CanSecWest.
2013-01-28-18:09:00 Agenda Announcements
Some agenda announcements:
- Keynote: DARPA's Peiter "mudge" Zatko
- Facebook's Ryan McGeehan and Chad Greene will be talking about an unusual incident at the beginning of 2012
- Vladimir Katalov, ElcomSoft,@vkatalov Cracking and analyzing Apple iCloud backups, Find My iPhone, document storage.
- Stephan Esser @i0n1c will be talking about iOS
- Joshua J. Drake @jduck1337 - An Android Hacker's Journey: Challenges in Android Security Research
- Oded Horovitz and Steve Weis @sweis - Physical Privilege Escalation and Mitigation in the x86 world.
- Mike "dd" Eddington @sockstail will be talking about "Godel's Gourd. Fuzzing for logic issues"
- Yu Yang "tombkeeper" will be talking about DEP/ASLR bypass without ROP/JIT
- Peter Vreugdenhil @WTFuzz will be talking about the Adobe Reader XI Sandbox.
- @beist will be talking about Smart TV Security
- Rahul Sasi @fb1h2s - SMS to Meterpreter, Fuzzing USB Modems
- James Forshaw @tiraniddo - Reflecting on Reflection: Exploiting Reflection Vulns in Managed Languages (Java, .NET)
- Yuriy Bulygin, McAfee - Evil Maid Just Got Angrier: Why Full-Disk Encryption With TPM is Insecure on Many Systems
- Rob Beck - MS-SQL Post Exploitation Shenanigans: You're In, Now What?
- Chris Astacio, Websense - Shining Some Light on the Evolution of Blackhole
- CanSecWest 2013: Julia Wolf @foxgrrl - Analysis of a Windows Kernel Vulnerability: From Espionage to Criminal Use.
2013-01-18-09:10:00 PWN2OWN 2013
CanSecWest PWN2OWN: HP and Google co-ordinate, pool resources, over a half million dollars in prize money (!), now browser plug-ins are also in scope... Details here on the ZDI blog
We just ordered the first of the prize laptops yesterday, Thinkpad X1 Carbon Touch i7 ...
2013-01-17-09:14:00 Technology Enhancement: Dojos Online
Advanced and intermediate security training and technology enhancement for information security professionals. The Dojo registration system is up. We might add a course after reviews are done. Stand by for agenda.
- Guillaume Valadon & Nicolas Fischbach - IPv6 Network Security: From Theory to Practice With Scapy
- Nicolas Bareil - Mastering the Network With Scapy
- Saumil Shah & Josh Ryder - Introductory Exploit Lab
- Jason Geffner & Scott Lambert - Introduction to Malware Analysis
- Joseph Karpenko - Network Threat Defense, Countermeasures, and Controls
- Saumil Shah & Josh Ryder - Advanced Exploit Lab
- Micheal Eddington - Peach Fuzz
- Marc "van Hauser" Heuse - Pentesting and Securing IPv6 Networks
- Marc Schoenefeld - Java Security, Attack and Defense
- Jason Geffner & Scott Lambert - Advanced Malware Deobfuscation
- Joseph Karpenko - Network Threat Defense, Countermeasures, and Controls
- Aaron Portnoy & Zef Cekaj - Breaking Binary Applications
- Stephen A. Ridley & Stephen Lawler - Practical ARM Exploitation
- James "egyp7" Lee & Rob "mubix" Fuller - Metasploit Mastery
