Interact with the security community
CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought-provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
The conference is single track, with one-hour presentations over the duration beginning at 9:00 a.m. The registration fee includes the catered meals, and there will be a vendor display and lounge/eating area, where wireless internet access will be available (as well as in the speaking theater). The conference discount hotel room booking system can be found here: https://www.starwoodmeeting.com/Book/CSW2015
CanSecWest post-conference "Whistler Decompression" bookings worked out really well this year. We have five four-bedroom cabins at the Fitzsimmons Walk complex in the village, within walking distance of the village center and lifts, some adjacent, some interconnected by a heated underground garage. Stays of 3, 4, and 5 days are available (2-day weekend-only stays are also negotiable) at $250/night (for three nights, $220 for longer), which includes some food and meals and a dinner party Saturday night. Even if you don't ski, there is the hot-tub/bar/videogames/sectalk track and other activities such as snowmobiling if you are interested - we are bringing up PS4s and Xbone units again. To reserve a spot (they are about half full already), message email@example.com with your preferred travel dates and room-mate or occupancy preference (single occupancy is OK, you just have to cover the whole room). Most rooms have private baths, but some are shared between two rooms. Each cabin sleeps about 10 if you count the two couches and/or folding beds.
Most people drive up Friday night after the conference, so March 20th this year, and we try to send an advance party to minimally stock the fridges for arrival. On the Friday at the conference we arrange car pools and it's usually easy to get a ride up. For returns there are buses to the city and airport no matter what your schedule, and usually lots of folks going back at various times to hop rides with. Please let us know if you are renting a car or have room in your car for extra bodies.
For those that are interested in booking their own more secluded cabins for a small group, there are still plenty of vacancies within walking distance of the village in the adjacent Montebello complex and the slightly farther Northern Lights area, and we would be glad to assist in booking if you need it (we get better discounts with the agents after doing this for so many years, and it may be in your interest to contact us). In addition, most of the village hotels still have lots of vacancies. As usual, we will also have one quiet cabin at the end of the complex designated for early-rising, focused skiers who wish to enjoy the more meditative aspects of beautiful Whistler. It's much smaller, more relaxed, and more social than the big conference, usually a lot of fun, and fills up fast, so contact us at firstname.lastname@example.org ASAP if you are interested.
- Chris Evans @scarybeasts of Google's Project Zero - Taming wild copies: from hopeless crash to working exploit
- Jan "starbug" Krissler, T-Labs/CCC - I see therefore I am.... You
- Xiaoning Li & Haifei Li, Intel - Smart COM fuzzing tool - Explore More Sandbox Bypassing Surface in COM objects
- John Loucaides & Andrew Furtak, Intel - A new class of vulnerability in SMI Handlers of BIOS/UEFI Firmware
- Yang Yu @tombkeeper, Tencent - Sexrets in LoadLibrary
- Liang Chen of KeenTeam - Attacking WebKit Applications by exploiting memory corruption bugs
- Team Pangu @PanguTeam - Userland Exploits of Pangu 8
- Rafal Wojtczuk & Corey Kallenberg - Attacks on UEFI Security
- Yves Younan, Cisco (Sourcefire/VRT) - FreeSentry: Protecting against use-after-free vulnerabilities due to dangling pointers
- Patrick Wardle @patrickwardle, Synack - DLL Hijacking' on OS X? #@%& Yeah!
- John Williams, EY - Memminer: Real-Time Passive Volatile Memory Inspection Inside Virtual Machines
- Nitay Artenstein, Checkpoint - NDIS Packet of Death: Turning Windows' Complexity Against Itself
- Corey Kallenberg & Xeno Kovah, LegbaCore - How many million BIOSes would you like to infect?
- Vincent Zimmer, Intel - UEFI, Open Platforms and the Defender's Dilemma
- Fabio Assolini and Juan Andres Guerrero-Saade - Wolf in Sheep's Clothing: Your Next APT is Already Whitelisted
- Christopher Glyer and Devon Kerr, Mandiant - There's Something About WMI
- Matthew Weeks, root9b - Credential Assessment: Mapping Privilege Escalation at Scale
- Andy Davis, NCC Group - From baseband to bitstream and back again: What security researchers really want to do with SDR
- Kirill Nesterov and Timur Yunusov - Bootkit via SMS: 4G access level security assessment
Also, please check the Dojo page: we have added more new Dojos this year than in any previous year. There are new courses on USB Armory/ARM TrustZone, Auditing Web Apps, Software Defined Radio, and BIOS & SMM Attack & Defense, as well as all the other usual outstanding advanced training from some of the world's sharpest folks. Upgrade your technology with education.
2014-03-05-19:15:00 Agenda and Keynote Honorable Diane Finley and Whistler Post Conference Trip Detail
The mostly final agenda is now up.
Speaking of which, we are honored to announce a keynote presentation on Thursday from the Hon. Diane Finley, Canadian Federal Minister of Public Works and Government Services. She will be giving a presentation on the Federal Government's information security efforts and how commercial companies can participate and assist their plans.
We have the final configuration for Whistler cabins for the Post CanSecWest Whistler Decompression starting March 14. We have 7 cabins (majority 4 bedroom, and two three bedroom) in the village itself. All of the cabins are set up for Friday March 14 arrival except for one with Saturday March 15 arrival. Cabins are available for three-, four- and five-night stays. Room costs will be $200/night for those staying over two nights, and $250/night for shorter stays (these prices are per room; double occupancy is possible with most rooms). All are within walking distance of the lifts (but we'll have folks with larger cars to shuttle the less motivated), and stumbling distance of each other. Contact secwest14 [at] cansecwest.com to join and reserve your spot. Please include a contact telephone number, your preferred stay dates, desired social boisterous level (ranging from hot tub track to serious skier/boarder), and whether you need a ride up or can take extra passengers with luggage in your transport.
See you all next week -- The CanSecWest Team
Some agenda announcements:
- Presentations announced so far to be scheduled (more announcements and abstracts coming shortly):
- Copernicus 2, SENTER the Dragon - Xeno Kovah, John Butterworth, Corey Kallenberg, Sam Cornwell; MITRE
- All Your Boot Are Belong To Us - Corey Kallenberg, Yuriy Bulygin, Andrew Furtak, Oleksandr Bazhaniuk, John Loucaides, Xeno Kovah, John Butterworth, Sam Cornwell ; from Intel and MITRE
- Outsmarting Bluetooth Smart - Mike Ryan ; iSEC Partners
- The Real Deal of Android Device Security: the Third Party - Collin Mulliner , Jon Oberheide ; Northwestern University, Duo Security
- Hacking 9/11 - The next is likely to be even bigger with an ounce of cyber - Eric Filiol ; Operational Cryptology and Virology Lab EISEA
- No Apology Required: Deconstructing Blackberry10 - Zach Lanier, Ben Nell ; Duo Security & Accuvant
- USB Flash Storage Threats and Threat Mitigation in an Air-Gapped Network Environment - George Pajari, HCIS
- ROPs are for the 99%: A revolutionary bypass technology - Yang Yu a.k.a. "tombkeeper"; NSFOCUS Labs
- Advanced Exploit Detection - Haifei Li, Bing Sun ; McAfee a.k.a. Intel Security
- Intelligent Use of Intelligence: Design to Discover - Ping Yan ; OpenDNS
- Concurrency: a problem and opportunity in the exploitation of memory corruptions - Ralph-Philipp; Comsecuris
- The Art of Leaks: The Return of Heap Feng Shui - Tao Yan "ga1ois" ; NSFOCUS Labs
- Exploring RADIUS - Brad Antoniewicz ; Foundstone/McAfee/Intel
- Revisiting iOS Kernel (In)Security - Tarjei Mandt ; Azimuth Security
- Combating the Advanced Memory Exploitation Techniques: Detecting ROP with Memory Information Leak - Stanley Zhu and Chong Xu ; McAfee
- Platform Firmware Security Assessment with CHIPSEC - John Loucaides, Yuriy Bulygin ; Intel
- Less is more, Exploring code/process-less techniques and other weird-machine methods to hide code (and how to detect them) - Shane Macaulay ; IOActive
The PWN2OWN rules for this year will be announced shortly, and the Google folks have come up with a $2.71828 million prize allowance for Chromium 4 at CanSecWest.
Some agenda announcements:
- Keynote: DARPA's Peiter "mudge" Zatko
- Facebook's Ryan McGeehan and Chad Greene will be talking about an unusual incident at the beginning of 2012
- Vladimir Katalov, ElcomSoft, @vkatalov - Cracking and analyzing Apple iCloud backups, Find My iPhone, document storage.
- Stephan Esser @i0n1c will be talking about iOS
- Joshua J. Drake @jduck1337 - An Android Hacker's Journey: Challenges in Android Security Research
- Oded Horovitz and Steve Weis @sweis - Physical Privilege Escalation and Mitigation in the x86 world.
- Mike "dd" Eddington @sockstail will be talking about "Godel's Gourd. Fuzzing for logic issues"
- Yu Yang "tombkeeper" will be talking about DEP/ASLR bypass without ROP/JIT
- Peter Vreugdenhil @WTFuzz will be talking about the Adobe Reader XI Sandbox.
- @beist will be talking about Smart TV Security
- Rahul Sasi @fb1h2s - SMS to Meterpreter, Fuzzing USB Modems
- James Forshaw @tiraniddo - Reflecting on Reflection: Exploiting Reflection Vulns in Managed Languages (Java, .NET)
- Yuriy Bulygin, McAfee - Evil Maid Just Got Angrier: Why Full-Disk Encryption With TPM is Insecure on Many Systems
- Rob Beck - MS-SQL Post Exploitation Shenanigans: You're In, Now What?
- Chris Astacio, Websense - Shining Some Light on the Evolution of Blackhole
- CanSecWest 2013: Julia Wolf @foxgrrl - Analysis of a Windows Kernel Vulnerability: From Espionage to Criminal Use.