applied security conferences and training: CanSecWest | PacSec | EUSecWest |

History

The CanSecWest conference was established in 2000. Archives of presented material may be found below.

Material Archives - 2017, 2016
                    2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008
                    2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000

CanSecWest 2015 Files

Project Zero: Making 0days Hard
- Ben Hawkes, Chris Evans Google


Taming wild copies: from hopeless crash to working exploit
- Chris Evans @scarybeasts of Google's Project Zero


I see therefore I am.... You
- Jan "starbug" Krissler, T-Labs/CCC


Smart COM fuzzing tool - Explore More Sandbox Bypassing Surface in COM objects
- Xiaoning Li & Haifei Li, Intel


A new class of vulnerability in SMI Handlers of BIOS/UEFI Firmware
- John Loucaides & Andrew Furtak, Intel


Sexrets in LoadLibrary
- Yang Yu @tombkeeper, Tencent


Attacking WebKit Applications by exploiting memory corruption bugs
- Liang Chen of KeenTeam


Userland Exploits of Pangu 8
- Team Pangu @PanguTeam


Attacks on UEFI Security
- Rafal Wojtczuk & Corey Kallenberg


FreeSentry: Protecting against use-after-free vulnerabilities due to dangling pointers
- Yves Younan, Cisco (Sourcefire/VRT)


DLL Hijacking' on OS X? #@%& Yeah!
- Patrick Wardle @patrickwardle, Synack


Memminer: Real-Time Passive Volatile Memory Inspection Inside Virtual Machines
- John Williams, EY


NDIS Packet of Death: Turning Windows' Complexity Against Itself
- Nitay Artenstein, Checkpoint


How many million BIOSes would you like to infect?
- Corey Kallenberg & Xeno Kovah, LegbaCore


UEFI, Open Platforms and the Defender's Dillema
- Vincent Zimmer, Intel


Wolf in Sheep's Clothing: Your Next APT is Already Whitelisted
- Fabio Assolini and Juan Andres Guerrero-Saade


There's Something About WMI
- Christopher Glyer and Devon Kerr, Mandiant


Credential Assessment: Mapping Privilege Escalation at Scale
- Matthew Weeks, root9b


From baseband to bitstream and back again: What security researchers really want to do with SDR
- Andy Davis, NCC Group


Bootkit via SMS: 4G access level security assessment
- Kirill Nesterov and Timur Yunusov