applied security conferences and training: CanSecWest | PacSec | EUSecWest |

CanSecWest 2018 Agenda Timetable

The CanSecWest 2018 agenda is Tenatative. Speaker's name, talk order, time and duration are subject to change without notice for various reasons such as Canadian VISA issuing to speakers.

Please see the Speakers page for talk descriptions.

Agenda

March 11-14

Security Masters Dojo, Third and Fourth Floor, 9:00 A.M. - 6:00 P.M.

Wednesday March 15th

9:00 - 11:00 Registration
11:00 - 11:05 Openning Remarks - Dragos Ruiu
11:05 - 11:35 Cyberwar and other modern myths - Dr. Michael A. VanPutte, Ph.D, CISSP
11:35 - 11:45 Introduction - Invite only bug bounty program - Bruce Monroe, Intel
11:45 - 11:55 Introduction - New bug bounty program - Akila Srinivasan, Microsoft
12:00 - 13:00 Fuzzflow Framework and Windows Guided Fuzzing - Richard Johnson, Cisco Talos
13:00 - 13:05 Special Announcement
13:05 - 13:30 Break
13:30 - 14:20 Secure boot: they're doing it wrong. - Scott Kelly, Netflix
14:20 - 15:10 Port(al) to the iOS core - Introduction to previous private iOS Kernel Exploitation Techniques - Stefan Esser
15:10 - 16:00 Inside Stegosploit - Saumil Shah
16:00 - 16:15 Break
16:15 - 16:45 Hijacking .NET to Defend PowerShell - Amanda Rousseau, Endgame
16:45 - 17:30 Inspecting and injecting. IronPython and .NET DLR memory reflection blazing through hundreds of GB in no time. - Shane Macaulay, IOActive
17:30 - 18:30 Pwning Nexus of Every Pixel: Chain of Bugs demystified - Qidan He, KeenLab, Tencent

Thursday March 16th

08:00 - 09:00 Registration & Breakfast
09:00 - 10:00 Low cost radio wave attacks on modern platforms - Mickey Shakatov + Maggie Jaurequi, Intel
10:00 - 10:20 Second Breakfast
10:20 - 11:10 Privilege escalation on high-end servers due to implementation gaps in CPU Hot-Add flow - Cuauhtemoc Chavez Corona + Rene Henriquez + Laura Fuentes Castaneda + Jorge Gonzalez Diaz + Jan Seidl, Intel
11:10 - 12:10 Attacking DSMx Spread Spectrum Frequency Hopping RC Drone Protcol - Jonathan Andersson, Trend Micro
12:10 - 13:10 Lunch
13:10 - 14:00 Touch-and-Go Elections - How convenience has taken over security, again. - Harri Hursti
14:00 - 15:00 Exploring Your System Deeper is Not Naughty - Oleksandr Bazhaniuk, Yuriy Bulygin, Mikhail Gorobets, Andrew Furtak, John Loucaides, Intel Security
15:00 - 15:15 break
15:15 - 16:05 Cyber WMD: Vulnerable IoT - Yuhao Song, GeekPwn Lab & KEEN + Huiming Liu, GeekPwn Lab & Tencent Xuanwu Lab
16:05 - 16:50 Automotive Intrusion Detection - Jun Li + Qing Yang, Unicorn Team, Qihoo 360
16:50 - 17:00 break
17:00 - 17:50 A platform base on visualization for protecting CAN bus security - Jianhao Liu + Minrui Yan, SkyGo Vehicle Cyber Security Team, Qihoo 360
17:50 - 18:20 State of Windows Application Security: Shared Libraries - Chuanda Ding, Xuanwu Lab, Tencent
19:30 - 01:00 Reception Party @ Celebrities 1022 Davie St.

Friday March 17th

08:00 - 09:00 Breakfast
09:00 - 10:00 Microsoft's strategy and technology improvements for mitigating native remote code execution - Matt Miller + David Weston, Microsoft
10:00 - 10:20 Second Breakfast
10:20 - 11:20 Lots of Squats: APTs Never Miss Leg Day - Kyle Ehmke, ThreatConnect
11:20 - 12:10 Logic Bug Hunting in Chrome on Android - Georgi Geshev + Robert Miller, MWR InfoSecurity
12:10 - 13:10 Lunch
13:10 - 13:55 What if encrypted communications are not as secure as we think? - Enrico Branca, OWASP
13:55 - 14:55 How to find the vulnerability to bypass the Control Flow Guard - Henry Li, Trend Micro
14:55 - 15:10 Break
15:10 - 16:00 The Dark Composition (DComposition) of Win32k - Attacking the Shadow Part of Graphic Subsystem to Gain System Priviledge - Peng Qiu + Shefang Zhong, Qihoo 360
16:00 - 16:45 Escape from VMware Workstation by using "Hearthstone" - Xinlei Ying + Qinghao Tang, Qihoo 360
16:45 - 16:55 Break
16:55 - 17:40 Dig into the qemu security and gain 50+ CVE in one year - Qiang Li + ZhiBin Hu + Mei Wang, Qihoo 360