Interact with the security community
CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
The conference is single track, with one hour presentations over the duration beginning at 9:00 a.m. The registration fee includes the catered meals, and there will be a vendor display and lounge/eating area, where wireless internet access will be available (as well as in the speaking theater). The conference discount hotel room booking system can be found here.
Mar 5, 2017: We are experiencing some issues on our email system. If you need to contact us via email, please check Contact Page.
We are happy to announce that we are honored to have Dr. Michael A. VanPutte, Ph.D, CISSP, author of Walking Wounded: Inside the U.S. Cyberwar Machine as a keynote speaker this year, with talk title "Cyberwar and other modern myths".
Other speakers confirmed at the moment:
- Harri Hursti : "Touch-and-Go Elections - How convenience has taken over security, again."
- Mickey Shkatov : "Low cost radio wave attacks on modern platforms" A very simple attack vector that remains relevant to the vast majority of electronic systems is electro-magnetic interference (EMI).
- Qidan He : "Pwning Nexus of Every Pixel: Chain of Bugs demystified"
- Minrui Yan & Jianhao Liu : "A platform base on visualization for protecting CAN bus security"
- Jun Li : "CAN-Bus & Automotive Intrusion Detection"
- Oleksandr Bazhaniuk, Yuriy Bulygin, Mikhail Gorobets, Andrew Furtak, John Loucaides : " Exploring Your System Deeper is Not Naughty" CHIPSEC framework
Running a little late this year with some unexpected schedule hiccups. But to make sure folks get a chance to look at the information and get the January rates, we are extending those to Feb 3. The final dojo list is up, and treading dangerously past our new course limits, we have added a number of new dojos. But some of those are rule cheats because they are our existing instructors modifying old courses :
- Jonthan Andersson has moved from the SDR courses to "Hijacking Drones: Reversing DSMx"
- Saumil Shah has updated his exploit development power up to focus on ARM Exploits
- Joe FitzPatrick has a new training focused on embedded systems
- Nikhil Mittal has updated Powershell-fu
- Ashfaq "HackSysTeam" Ansari joins us for his Windows Kernel magic training.
- Vikram Salunke is joining us with a new four day courses targeted as pentesting corporate infrastructure.
- Stephan Esser, as usual keeps a close pace to the Apple development march and constantly updates his material.
- Marc "van Hauser" Heuse tells us this is the last time he will offer his ipv6 course in North America. (!)
- Guillaume Valadon has his powerful scapy and ipv6 tools and techniques course.
- Adam Laurie brings his excellent RFID training, still holding strong as a super valid set of information and techniques and Adam is running it twice.
- Blessen Thomas and Gordon Gonsalves are bringing their Android focused training.
- Scott Lambert will be teaching Advanced Malware Deobfuscation
- Dawid Czagan will be teaching Hacking web applications: case studies of award-winning bugs in Google, Yahoo, Mozilla and more
We are starting to notify CFP submissions. The following presentations have been announced:
- Sandbox Escape with Generous Help from Security Software - Chuanda Ding, Tencent Xuanwu Lab
- Don't Trust Your Eye: Apple Graphics Is Compromised! - Liang Chen and Marco Grassi, Keen Labs Tencent
- Bypassing Different Defense Schemes via Crash Resistant Probing of Address Space - Robert Gawlik
- APT Reports and OPSEC Evolution: These are not the APT reports you are looking for. - Gadi Evron, Cymmetria
January Dojo registration rates finish soon, and we have several courses that have been updated and one new one from Nikhil Mittal, "PowerShell for Penetration Testers" that will have registration online for shortly. These courses have been updated with material to reflect the ever changing information security technoscape:
- Stephan Esser's iOS/OSX Dojo has been updated with information on Apple's latest El Capitan, and the modifications to their security model it introduces.
- Marc Schoenefeld's Java security course has been refreshed with the latest advances.
- Both Marc Heuse's and Guillaume Valadon's complementary IPv6 security trainings have updated.
- Andrea Barisani's and Andrej Rosano's ARM Trust zone course has been updated witht heir latest advances from their USB Armory R&D.
- Adam Laurie has updated his RFID/NFC course material with new advances.
- Brandon Niemczyk and Jonathan Andersson, have improved even further their applied lab excercises for their SDR course.
- Dawid Czagan has added the latest web hacking techniques to his course.
The dojo registration links are active, including three new two day courses and one revamped four day course, as well as our regular lineup of excellent material taught by industry luminaries to empower your security technology level. Two sessions of a course on securing hardware called Applied Physical Attacks on x86 Systems from Joe Fitzpatrick are available, and our regular instructors Scott Lambert and Jason Geffner, who also do the Introductory and Advanced Malware Deobfuscationr courses, have a new course about Nation-State Sponsored Targeted Attacks, which is very timely as this has emerged as a new significant threat vector recently. John Butterworh is offering a new course on securing UEFI BIOS in Introductory BIOS & SMM Attack & Defense and Saumil Shah has updated his always popular four day Exploit Lab course to focus on the ARM platform in the ARM Exploit Lab which is also emerging as an important new area of security technology.
Joe's hardware course Applied Physical Attacks on x86 Systems
Applied Physical Attacks on x86 Systems This course introduces and explores attacks on several different relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. The course has several modules: USB, SPI/BIOS, I2C/SMBus, PCIe, and JTAG. Each begins with an architectural overview of an interface, and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or directly to root shells. Based on the pace and interest of the attendees, not all material may fit in 2 days but will still be available to attendees.
Scott and Jason's APT analysis course Nation-State Sponsored Targeted Attacks
RSA, Google, The New York Times, Lockheed Martin, Coca-Cola, Northrop Grumman, The Wall Street Journal, Kaspersky, the list goes on and on of companies that have been recently infiltrated via Advanced Persistent Threats (APTs). Nation-state adversaries and organized crime groups have been waging a digital war on major companies and government agencies over the last several years and the quantity and complexity of these attacks continues to accelerate at a rapid pace. In order to prevent and respond to APTs, it is critical to understand the attackers' motives and methods. This course follows the theatrical narrative of a fictional attack on a major defense contractor and puts the student in the action seat. Students work with a team of supporting characters throughout the class in order to analyze and learn about the tactics, techniques, and procedures used during an APT intrusion. This is a hands-on course. Attendees will analyze real-world malware used by real-world nation-state adversaries during the APT response in order to track down the adversary behind the attack and understand the havoc wreaked on the victim's network.
John Butterworth's Introductory BIOS & SMM Attack & Defense
UEFI BIOS is firmware where the sophisticated attacker can live unseen and unfettered. This class covers why the BIOS is critical to the security of the platform. It will also show you how the BIOS may be compromised and what capabilities and opportunities are provided to the attacker when it is. You will be provided tools for performing vulnerability analysis on firmware, as well as firmware forensics. Additionally, this class will introduce people UEFI firmware reverse engineering. This can be used either for vulnerability hunting, or analyzing suspected implants found in a UEFI BIOS, without having to rely on anyone else.
Saumil Shah's ARM Exploit Lab
ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The all new ARM Exploit Laboratory is a 4-day intermediate level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers everything from an introduction to ARM assembly all the way to Return Oriented Programming (ROP) on ARM architectures. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM Linux and Windows environments. The 4-day format features lots of hands-on exercises allowing students to internalize concepts taught in class.
We have special rate for our conference attendees at Sheraton Wall Centre (our conference hotel).
If you would like to take this opportunity, please go to the link below and reserve your room, then you should be able to get the room with conference special rate which is CDN $175/night (the price includes high speed internet connection in your room plus additional benefits as below).
We sell out all of the rooms every year and we will close the link pretty soon, so please make sure to book your room early enough.
Guests who book from our group rate can get these benefits(not applicable for out of block bookings):
- Complementary Hi-Band in room Internet (4Mbps, Regular price additional $18.95 per night)
- Complementary Bottled water within guestrooms for the duration of the conference (Valued at $10 per day)
- Complementary Communication bundle (includes HSIA, local/1-800 calls) for each guestroom (Valued at $1.60 access charge for calls up to 60 minutes and $0.10 for each additional minute up to 90th minute)
- A voucher to use in Cafe One or Bar One (in the hotel) for a 10% discount off the menu (excludes alcohol)
- Complimentary Health Club Access
- Free of charge cancellation until the day of arrival 6pm
- Earn SPG points
Have a Happy New Year from us to all of you, your families, and friends. Speaker Proposals are being reviewed, Dojo classes will be announced and available for registration, and rooms are available at the CanSecWest conference hotel.
The PWN2OWN 2015 rules are available here. The contest will run concurrently to the conference in the Pwn2Own room on March 18th - 19th. Prizes from HP range from $25,000 to $75,000 with an additional $10,000 for exploitation of Chrome provided by Google Project Zero. Registration via email at email@example.com closes at 5pm PST March 16th, 2015. Total prizes (cash and non-cash) this year total more than one million dollars.