applied security conferences and training: CanSecWest | PacSec |


The CanSecWest conference was established in 2000. Archives of presented material may be found below.

Material Archives - 2018, 2017, 2016
                    2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008
                    2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000

CanSecWest 2015 Files

Project Zero: Making 0days Hard
- Ben Hawkes, Chris Evans Google

Taming wild copies: from hopeless crash to working exploit
- Chris Evans @scarybeasts of Google's Project Zero

I see therefore I am.... You
- Jan "starbug" Krissler, T-Labs/CCC

Smart COM fuzzing tool - Explore More Sandbox Bypassing Surface in COM objects
- Xiaoning Li & Haifei Li, Intel

A new class of vulnerability in SMI Handlers of BIOS/UEFI Firmware
- John Loucaides & Andrew Furtak, Intel

Sexrets in LoadLibrary
- Yang Yu @tombkeeper, Tencent

Attacking WebKit Applications by exploiting memory corruption bugs
- Liang Chen of KeenTeam

Userland Exploits of Pangu 8
- Team Pangu @PanguTeam

Attacks on UEFI Security
- Rafal Wojtczuk & Corey Kallenberg

FreeSentry: Protecting against use-after-free vulnerabilities due to dangling pointers
- Yves Younan, Cisco (Sourcefire/VRT)

DLL Hijacking' on OS X? #@%& Yeah!
- Patrick Wardle @patrickwardle, Synack

Memminer: Real-Time Passive Volatile Memory Inspection Inside Virtual Machines
- John Williams, EY

NDIS Packet of Death: Turning Windows' Complexity Against Itself
- Nitay Artenstein, Checkpoint

How many million BIOSes would you like to infect?
- Corey Kallenberg & Xeno Kovah, LegbaCore

UEFI, Open Platforms and the Defender's Dillema
- Vincent Zimmer, Intel

Wolf in Sheep's Clothing: Your Next APT is Already Whitelisted
- Fabio Assolini and Juan Andres Guerrero-Saade

There's Something About WMI
- Christopher Glyer and Devon Kerr, Mandiant

Credential Assessment: Mapping Privilege Escalation at Scale
- Matthew Weeks, root9b

From baseband to bitstream and back again: What security researchers really want to do with SDR
- Andy Davis, NCC Group

Bootkit via SMS: 4G access level security assessment
- Kirill Nesterov and Timur Yunusov