applied security conferences and training: CanSecWest | PacSec


The CanSecWest conference was established in 2000. Archives of presented material may be found below.

Material Archives - 2018, 2017, 2016
                    2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008
                    2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000


Accelerating Canadian Cyber Innovation - Scott Jones, Senior Assistant Deputy Minister of IT Security, Communications Security Establishment (CSE)
Post exploit goodness on a Mainframe: SPECIAL is the new root - Ayoub Elaassal, PwC France
TPM Genie: Attacking the Hardware Root of Trust For Less Than $50 - Jeremy Boone, NCC Group
Reverse Engineering x86 Processor Microcode - Benjamin Kollenda and Philipp Koppe, Ruhr-University Bochum
Grandma's old bag, how outdated libraries spoil Android app security (update 2018) - Marc Schoenefeld
Forget NDIS, TDI or NIC Drivers : The Shadow Network Stack Hidden In Windows 8+ - Alex Ionescu
Tunnel War: Attack Android Through Multiple Hidden Interface - Hanxiang Wen (arnow117) and Jiashui Wang (Quhe), Ant Financial Light-Year Security Lab
Shellcodes are for the 99% - Bing Sun, Sr. Security Researcher at McAfee, Stanley Zhu, Sr. Security Researcher at Didi Chuxing, and Chong Xu, Sr. Director at McAfee
Chainspotting: Building Exploit Chains with Logic Bugs - Georgi Geshev and Rob Miller, MWR InfoSecurity
Analyzing & Breaking QNX Exploit Mitigations and PRNGs - Tobias Scharnowski and Jos Wetzels, Independent Security Researcher with Midnight Blue Labs
Exploring Qualcomm Baseband via ModKit - Peter Pi, XiLing Gong, and Gmxp, Tencent Security Platform Department
Detecting Reverse Engineering with Canaries - Collin Mulliner, co-author of The Android Hacker's Handbook.
Scalable Threat Hunting Strategies Built to Last - Dhia Mahjoub, Head of Security Research at Cisco Umbrella (OpenDNS), Thomas Mathew, Senior Security Researcher at Cisco Umbrella (OpenDNS), Scott Sitar, Technical Leader, Cisco Umbrella (OpenDNS)
UPnP: Unlimited Proxies and Pwnage - Waylon Grange, Senior Threat Researcher, Symantec
Social Engineering at Scale - Sara-Jayne Terp, AppNexus and Professor of Data Science at Columbia University
Blackhat Ethereum - Ryan Stortz and Jay Little, Trail of Bits, Inc
Attacks and Analysis of the Samsung S8 from Mobile PWN2OWN - Guang Gong and Jianjun Dai, Qihoo 360


2. Secure boot: they're doing it wrong.
- Scott Kelly, Netflix
3. Port(al) to the iOS core - Introduction to previous private iOS Kernel Exploitation Techniques
- Stefan Esser
4. Inside Stegosploit
- Saumil Shah
5. Privilege escalation on high-end servers due to implementation gaps in CPU Hot-Add flow
- Cuauhtemoc Chavez Corona + Rene Henriquez + Laura Fuentes Castaneda + Jorge Gonzalez Diaz + Jan Seidl, Intel
6. Microsoft's strategy and technology improvements for mitigating native remote code execution
- Matt Miller + David Weston, Microsoft
7. Lots of Squats: APTs Never Miss Leg Day
- Kyle Ehmke, ThreatConnect
8. Dig into the qemu security and gain 50+ CVE in one year
- Qiang Li + ZhiBin Hu + Mei Wang, Qihoo 360
9. Cyber WMD: Vulnerable IoT
- Yuhao Song, GeekPwn Lab & KEEN + Huiming Liu, GeekPwn Lab & Tencent Xuanwu Lab
10. Exploring Your System Deeper is Not Naughty
- Oleksandr Bazhaniuk, Yuriy Bulygin, Mikhail Gorobets, Andrew Furtak, John Loucaides, Intel Security
11. Low cost radio wave attacks on modern platforms
- Mickey Shkatov + Maggie Jauregui, Intel
12. What if encrypted communications are not as secure as we think?
- Enrico Branca, OWASP
13. Attacking DSMx Spread Spectrum Frequency Hopping RC Drone Protocol
- Jonathan Andersson, Trend Micro
14. Touch-and-Go Elections - How convenience has taken over security, again.
- Harri Hursti
15. Pwning Nexus of Every Pixel: Chain of Bugs demystified
- Qidan He, KeenLab, Tencent
16. A platform base on visualization for protecting CAN bus security
- Jianhao Liu + Minrui Yan, SkyGo Vehicle Cyber Security Team, Qihoo 360
17. Automotive Intrusion Detection
- Jun Li, Unicorn Team + Qing Yang, founder & director of Radio Security Research Department and UnicornTeam, Qihoo 360

18. State of Windows Application Security: Shared Libraries
- Chuanda Ding, Xuanwu Lab, Tencent
19. How to find the vulnerability to bypass the Control Flow Guard
- Henry Li, Trend Micro
20. Logic Bug Hunting in Chrome on Android
- Georgi Geshev + Robert Miller, MWR InfoSecurity
23. Fuzzflow Framework and Windows Guided Fuzzing
- Richard Johnson, Cisco Talos
24. The Dark Composition (DComposition) of Win32k - Attacking the Shadow Part of Graphic Subsystem to Gain System Privilege
- Peng Qiu + Shefang Zhong, Qihoo 360
25. Hijacking .NET to Defend PowerShell
- Amanda Rousseau, Endgame
26. Inspecting and injecting. IronPython and .NET DLR memory reflection blazing through hundreds of GB in no time.
- Shane Macaulay, IOActive
27. Escape from VMware Workstation by using "Hearthstone"
- Xinlei Ying + Qinghao Tang, Qihoo 360


Let's Talk about WiFi
- Dragos Ruiu
Exploits, 0days, and Bug Bounties
- Nicolas Joly, Microsoft
BadWinmail and Email Security
- Haifei Li + Chong Xu, Intel Security
WAVE YOUR FALSE FLAGS! - Deception Tactics Muddying Attribution in Targeted Attacks
- Brian Bartholomew + Juan Andres Guerrero-Saade, Global Research and Analysis Team (GReAT), Kaspersky Lab
APT Reports and OPSEC Evolution: These are not the APT reports you are looking for
- Gadi Evron / Sysman, Cymmetria
Bypassing application whitelisting in critical infrastructures
- Rene Freingruber, SEC Consult Unternehmensberatung GmbH
Hardsploit project : All-In-One Tool for Hardware Security Audit
- Julien MOINARD, Opale Security
Having fun with secure messengers and Android Wear
- Artem Chaykin, Positive Technologies
Sandbox Escape with Generous Help from Security Software
- Chuanda Ding, Tencent Xuanwu Lab
Getting Physical: Extreme abuse of Intel based Paging Systems
- Nicolas Economou + Enrique Elias Nissim, Core Security Technologies
Execute My Packet (Exodus of Shells from a Firewall)
- Alex Wheeler + Jordan Gruskovnjak, Exodus Intelligence
Attack and defense toolkits in High/Low frequency
- Haoqi Shan + Qing Yang, Qihoo 360 Unicorn Team
Pwn a Nexus device with a single vulnerability
- Guang Gong, Qihoo 360
Virtualization device emulator testing technology
- Qinghao Tang, Qihoo 360 Marvel Team
Docker Escape Technology
- Shengping Wang, Qihoo 360 Marvel Team
Bypassing Different Defense Schemes via Crash Resistant Probing of Address Space
- Robert Gawlik, Ruhr University Bochum
Automatic Binary Constraint Solving: Automatic Exploit Generation
- Sophia D'Antoine, Trail of Bits
Don't Trust Your Eye: Apple Graphics Is Compromised!
- Liang Chen + Marco Grassi + Qidan He, Keen Labs Tencent
High Performance Zero Knowledge Binary Hooking and Tracing with ROP Hooks - with A-Trace (Eh-Trace)
- Shane "K2" Macaulay, IOActive
Smart Wars: Attacking Smart Locks with a Smart Phone
- Song Li, 0XiD LLC


Project Zero: Making 0days Hard
- Ben Hawkes, Chris Evans, Google
Taming wild copies: from hopeless crash to working exploit
- Chris Evans @scarybeasts of Google's Project Zero
I see therefore I am.... You
- Jan "starbug" Krissler, T-Labs/CCC
Smart COM fuzzing tool - Explore More Sandbox Bypassing Surface in COM objects
- Xiaoning Li & Haifei Li, Intel
A new class of vulnerability in SMI Handlers of BIOS/UEFI Firmware
- John Loucaides & Andrew Furtak, Intel
Sexrets in LoadLibrary
- Yang Yu @tombkeeper, Tencent
Attacking WebKit Applications by exploiting memory corruption bugs
- Liang Chen of KeenTeam
Userland Exploits of Pangu 8
- Team Pangu @PanguTeam
Attacks on UEFI Security
- Rafal Wojtczuk & Corey Kallenberg
FreeSentry: Protecting against use-after-free vulnerabilities due to dangling pointers
- Yves Younan, Cisco (Sourcefire/VRT)
'DLL Hijacking' on OS X? #@%& Yeah!
- Patrick Wardle @patrickwardle, Synack
Memminer: Real-Time Passive Volatile Memory Inspection Inside Virtual Machines
- John Williams, EY
NDIS Packet of Death: Turning Windows' Complexity Against Itself
- Nitay Artenstein, Checkpoint
How many million BIOSes would you like to infect?
- Corey Kallenberg & Xeno Kovah, LegbaCore
UEFI, Open Platforms and the Defender's Dilemma
- Vincent Zimmer, Intel
Wolf in Sheep's Clothing: Your Next APT is Already Whitelisted
- Fabio Assolini and Juan Andres Guerrero-Saade
There's Something About WMI
- Christopher Glyer and Devon Kerr, Mandiant
Credential Assessment: Mapping Privilege Escalation at Scale
- Matthew Weeks, root9b
From baseband to bitstream and back again: What security researchers really want to do with SDR
- Andy Davis, NCC Group
Bootkit via SMS: 4G access level security assessment
- Kirill Nesterov and Timur Yunusov


Fighting Next-Generation Adversaries with Shared Threat Intelligence
Jacob West ; CTO - Enterprise Security Products, HP
USB Flash Storage Threats and Threat Mitigation in an Air-Gapped Network Environment
George Pajari ; HCIS
No Apology Required: Deconstructing Blackberry 10
Zach Lanier, Ben Nell ; Duo Security & Accuvant
Revisiting iOS Kernel (In)Security
Tarjei Mandt ; Azimuth Security
The Real Deal of Android Device Security: the Third Party
Collin Mulliner, Jon Oberheide ; Northeastern University, Duo Security
Exploring RADIUS
Brad Antoniewicz ; Foundstone/McAfee/Intel
Copernicus 2, SENTER the Dragon
Xeno Kovah, John Butterworth ; MITRE
All Your Boot Are Belong To Us
Corey Kallenberg, Yuriy Bulygin ; Intel, MITRE
Platform Firmware Security Assessment with CHIPSEC
John Loucaides, Yuriy Bulygin ; Intel
Keynote Presentation: Hon. Diane Finley
Federal Minister of Public Works and Government Services
Less is more, Exploring code/process-less techniques and other weird-machine methods to hide code (and how to detect them)
Shane Macaulay ; IOActive / Security Objectives
ROPs are for the 99%: A revolutionary bypass technology
Yang Yu a.k.a. "tombkeeper"; NSFOCUS Labs
Concurrency: a problem and opportunity in the exploitation of memory corruptions
Ralf-Philipp Weinmann; Comsecuris
Utilizing machine learning and DNS traffic to discover malware infections and C&C traffic
Brandon Niemczyk, Josiah Hagen, Jonathan Andersson
Exploit Detection
Haifei Li & Chong Xu ; McAfee a.k.a. Intel Security
Combating the Advanced Memory Exploitation Techniques: Detecting ROP with Memory Information Leak
Stanley Zhu and Chong Xu ; McAfee/Intel Security
Intelligent Use of Intelligence: Design to Discover
Ping Yan and Thibault Reuille ; OpenDNS
The Art of Leaks: The Return of Heap Feng Shui
Tao Yan a.k.a. "ga1ois" ; NSFOCUS Labs
Outsmarting Bluetooth Smart
Mike Ryan ; iSEC Partners


- DARPA's Peiter "mudge" Zatko
iOS6.1 - Exploitation 280 Days Later
- Stefan Esser (@i0n1c)
Evil Maid Just Got Angrier: Why Full-Disk Encryption With TPM is Insecure on Many Systems
- Yuriy Bulygin, McAfee
Sandbox Escapes: When the Broker is Broken
- Peter Vreugdenhil (@WTFuzz)
Reflecting on Reflection - Exploiting Reflection Vulnerabilities in Managed Languages
- James Forshaw (@tiraniddo)
An Android Hacker's Journey: Challenges in Android Security Research
- Joshua J. Drake (@jduck1337)
Physical Privilege Escalation and Mitigation in the x86 World
- Oded Horovitz and Steve Weis (@sweis)
The Most Unusual APT
- Ryan McGeehan and Chad Greene, Facebook
DEP/ASLR bypass without ROP/JIT
- Yu Yang "tombkeeper"
SMS to Meterpreter - Fuzzing USB Modems
- Rahul Sasi (@fb1h2s)
Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage.
- Vladimir Katalov (@vkatalov), ElcomSoft
Desktop Insecurity
- Ilja van Sprundel & Shane "K2" Macaulay
Shining Some Light on the Evolution of BlackHole
- Chris Astacio, Websense
Project 53
- Dan Hubbard
Smart TV Security
- SeungJin Lee (@beist)
Godel's Gourd - Fuzzing for Logic Issues
- Mike "dd" Eddington (@sockstail)
MS SQL Post Exploitation Shenanigans: You're In, Now What?
- Rob Beck
Analysis of a Windows Kernel Vulnerability; From Espionage to Criminal Use
- Julia Wolf (@foxgrrl)
UPnP Vulnerabilities
- Daniel Garcia


Deep Boot
- Nicolas Economou & Andres Lopez Luksenberg, Core
Mapping the Pen Tester's Mind: 0 to Root
- Nick (Kizz MyAnthia) D, Rapid7
Social Authentication
- Alex Rice, Facebook
Advanced Persistent Responses
- Peleus Uhley, Adobe
Inside the Duqu Command & Control Servers
- Roel Schouwenberg, Kaspersky Labs
Root Proof Smartphones, and Other Myths and Legends
- Scott Kelly, Netflix
Probing Mobile Operator Networks
- Collin Mulliner
Legal Issues in Mobile Security Research
- Marcia Hofmann, EFF
iOS5 - An Exploitation Nightmare?
- Stefan Esser
Hardware-involved software attacks & defenses
- Jeff Forristal, Intel
Intro to Near Field Communication (NFC) Mobile Security
- Corey Benninger & Max Sobell, Intrepidus
HDMI - Hacking Displays Made Interesting
- Andy Davis, NGS
Unveiling LTE Security
- Dr. Galina D. Pildush, Juniper
Vulnerability Analysis and Practical Data Flow Analysis & Visualization
- Jeong Wook Oh, Microsoft
Playing with Network Layers to Bypass Firewalls' Filtering Policy
- Eric Leblond
New Threat Based Chinese P2P Network
- Jun Xie, McAfee Labs
Scrutinizing a Country using Passive DNS and Picviz
- Sebastien Tricaud and Alexandre Dulaunoy
The WOW Effect
- Christian Wojner


Network Application Firewalls vs. Contemporary Threats
- Brad Woodberg, Juniper
Black Box Auditing Adobe Shockwave
- Aaron Portnoy, Logan Brown, Tipping Point / H.P. Zero Day Initiative
SMS-o-Death: From Analyzing To Attacking Mobile Phones on a Large Scale
- Nico Golde and Collin Mulliner, TU-Berlin
Runtime Firmware Integrity Verification: What Can Now Be Achieved
- Yves-Alexis Perez and Loic Duflot, ANSSI
The Law of Web Application Hacking
- Marcia Hofmann, EFF
Is Your Gaming Console Safe?: Embedded Devices, an AntiVirus-free Safe Hideout for Malware
- DongJoo Ha and KiChan Ahn, AhnLab Inc and Korea Financial Telecommunications & Clearings Institute
Dynamic Cryptographic Trapdoors
- Eric Filiol, ESIEA Laval CVO Lab & French DoD
Understanding and Exploiting Flash ActionScript Vulnerabilities
- Haifei Li, Fortinet
Chip & PIN is Definitely Broken
- Andrea Barisani and Daniele Bianco, Inversepath
iPhone and iPad Hacking
- Ilja van Sprundel, IOActive
Welcome To Rootkit Country
- Graeme Neilson, Aura Software Security
Project Ubertooth: Building a Better Bluetooth Adapter
- Michael Ossmann, Great Scott Gadgets
Borken Fonts: The Story of Naive Parsers and Attacker Controlled Reboots
- Marc Schönefeld, Red Hat
Deconstructing ColdFusion
- Chris Eng & Brandon Creighton, Veracode
Stale Pointers Are The New Black
- Vincenzo Iozzo and Giovanni Gola, Zynamics GmbH
A Castle Made of Sand: Adobe Reader X Sandbox
- Richard Johnson, Sourcefire
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
- Dan Kaminsky, Adam Cecchetti and Mike Eddington, Doxpara & Deja Vu Security
Security Defect Metrics for Targeted Fuzzing
- Dustin Duran, Matt Miller, David Weston, Microsoft
GRAPE: Generative Rule-based Generic Stateful Fuzzing
- Nicholas Green, FourteenForty
IPv6 Implementation and Security Round Table - A Moderated Disagreement or a Chorus?
- David Shinberg, Marc "van Hauser" Heuse, Guillaume Valadon


Internet Nails
- Marcus Ranum, Tenable
Under the Kimono of Office Security Engineering
- Tom Gallagher & David Conger, Microsoft
Automated SQL Ownage Techniques
- Fernando Federico Russ, Core
Can you still trust your network card?
- Yves-Alexis Perez & Loïc Duflot
SEH overwrite and its exploitability
- Shuichiro Suzuki, Fourteenforty
There's a party at ring0, and you're invited.
- Julien Tinnes & Tavis Ormandy, Google
Babysitting an army of monkeys: an analysis of fuzzing 4 products with 5 lines of Python
- Charlie Miller, Independent Security Evaluators
ShareREing is Caring
- Halvar Flake and Sebastian Porst, zynamics GmbH
Cisco IOS Exploitation with IODIDE
- Andy Davis, KPMG
Random tales from a mobile phone hacker
- Collin Mulliner
Legal Perspectives of Hardware Hacking
- Jennifer Granick, EFF
Stuff we don't want on our Phones: On mobile spyware and PUPs
- Jimmy Shah, McAfee, Inc
Practical Exploitation of Modern Wireless Devices
- Thorsten Schroeder and (contributing) Max Moser, Dreamlab Technologies
RFID Hacking at Home
- Dr. Melanie Rieback, Vrije Universiteit Amsterdam
Advanced Mac OS X Physical Memory Analysis
- Matthieu Suiche
Full Process Analysis and Reconstitution of a Virtual Machine from the Native Host
- James Butler, MANDIANT
Through the Looking Glass: An Investigation of Malware Trends and Response Activity
- Jeff Williams, Microsoft
The Jedi Packet Trick takes over the Deathstar: taking NIC backdoors to the next level
- Arrigo Triulzi, Independent Security and Networking Consultant


Writing User Friendly Exploits
- Skylar Rampersaud, Immunity
The Smart-Phones Nightmare
- Sergio 'shadown' Alvarez
A Look at a Modern Mobile Security Model: Google's Android
- Jon Oberheide, University of Michigan
Multiplatform Iphone/Android Shellcode, and other smart phone insecurities
- Alfredo Ortega and Nico Economou, Core
Decompiling Dalvik and other JavaFX
- Marc Schoenefeld
An overview of the state of videogame console security
- Victor Muñoz
Persistent BIOS Infection
- Anibal Sacco & Alfredo Ortega, Core
Getting into the SMRAM: SMM Reloaded
- Loïc Duflot
Sniff keystrokes with lasers/voltmeters: Side Channel Attacks Using Optical Sampling of Mechanical Energy Emissions and Power Line Leakage
- Andrea Barisani & Daniele Bianco, Inverse Path
Hacking Macs for Fun and Profit
- Dino Dai Zovi & Charlie Miller
Bug classes we have found in *BSD, OS X and Solaris kernels
- Christer Oberg and Neil Kettle, Convergent Network Solutions
Exploiting Unicode-enabled software
- Chris Weber, Casaba Security
Chinese Infosec & Malware Overview
- Wei "icbm" Zhao, 365menshen
Platform-independent static binary code analysis using a meta-assembly language
- Sebastian Porst & Thomas "halvar" Dullien, zynamics
Binary Clone Wars: Software Whitelisting for Malware Prevention and Coordinated Incident Response
- Shane Macaulay, Sean Comeau, and Derek Callaway, Security Objectives
Network design for effective HTTP traffic filtering
- Jeff "rfp" Forristal, Zscaler
The Evolution of Microsoft's Exploit Mitigations
- Matt Miller and Tim Burrell, Microsoft
Automated Real-time and Post Mortem Security Crash Analysis and Categorization
- Jason Shirk & Dave Weinstein, Microsoft
Ninja Scanning
- Fyodor
Kicking It Old School: No DNS Packets Were Harmed In The Making Of This Presentation
- Dan Kaminsky, IOActive
SSL, The Sequel: MD5 collisions and EV certificates
- Alexander Sotirov & Mike Zusman


Marty Roesch - Sourcefire
Snort 3.0
Rich Cannings - Google
Cross-Site Scripting Vulnerabilities in Flash Authoring Tools
Jan "starbug" Krissler & Karsten Nohl - CCC
Proprietary RFID Systems
Mark Dowd & John McDonald - IBM ISS
Media Frenzy: Finding Bugs in Windows Media Software
Rob Hensing - Microsoft
Targeted Attacks and Microsoft Office Malware
Oded Horovitz - VMWare
Virtually Secure
Frédéric Raynal - Sogeti/Cap-Gemini
Malicious Cryptography
Thierry Zoller and Sergio Alvarez - n.runs
The Death of AV Defense in Depth? Revisiting Anti-Virus Software
Sun Bing
VMWare Issues
Sebastien Tricaud and Pierre Chifflier - INL
Intrusion Detection Systems Correlation: a Weapon of Mass Investigation
Dan Hubbard and Stephan Chenette - WebSense
Web Wreck-utation
Marcel Holtmann - Intel
Secure programming with gcc and glibc
olleB -
Mobitex network security
Michael Eddington - Leviathan
Peach Fuzzing
Charlie Miller - Independent Security Evaluators
Fuzz by Number
Frank Marcus & Mikko Varpiola - Wurldtech / Codenomicon
Fuzzing WTF? What Fuzzing Was, Is And Never Will Be.
Kowsik Guruswamy - Mu
Vulnerabilities Die Hard
Dan Griffin - JW Secure
Hacking Windows Vista
Philippe Lagadec - NATO/NC3A
ExeFilter: a new open-source framework for active content filtering
Eric Hacker - BT INS
VetNetSec: Security testing for Extremists
Andres Riancho - Cybsec
w3af: A framework to own the web
Scott K. Larson - Stroz Friedberg
A Unique Behavioral Science Approach to Threats, Extortion and Internal Computer Investigations


Barnaby Jack - Juniper
Exploiting Embedded Systems - The Sequel!
Andrea Barisani & Daniele Bianco - Inverse Path
Unusual Car Navigation Tricks
Jim Hoagland - Symantec
Vista's Network Attack Surface
Mark Russinovich - Microsoft
Vista Internals: User Account Control, Protected-Mode IE, and Bitlocker
Adam Laurie - Trifinite
Jose Nazario, PhD. - Arbor
Reverse Engineering Malicious Javascript
Ilja van Sprundel
Unusual bugs (2007 Edition, With More Flavor and Less Calories!)
Luis Miras
Other Wireless: New ways to get Pwned
Nicolas Fischbach - COLT
NGN - Next Generation Networks (err... Nightmare) ?
Marcel Holtmann - Red Hat
Wii Control You
Su Yong Kim & Do Hoon Lee - NSRI, Seong Deok Cha, KAIST
Playing with ActiveX controls
Ron Gula - Tenable
Good and Bad Uses of Vulnerability Data
Tavis Ormandy - Google
An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments
Michael Geide - United States Department of Homeland Security
A Network Analysis Manifold
Philippe Biondi & Arnaud Ebalard - EADS
Fun with IPv6 routing headers
HD Moore - BreakingPoint Systems
Live Free or Hack Hard: Metasploit 2007
Tim Vidas - University of Nebraska
Post-Mortem RAM Forensics
Roelof Temmingh
I know what you (and your company) did last summer...
Jonathan Wilkins - iSec Partners
ScarabMon: Automating Web Application Pentests
Richard Gowman & Eldon Sprickerhoff - eSentire
Black Box Analysis and Attacks of Nortel VoIP Implementations
Michael Sutton - SPIDynamics
Smashing Web Apps: Applying Fuzzing to Web Applications and Web Services
V. Anil Kumar - National Aerospace Laboratories, Bangalore
Low-Rate Denial-of-Service attacks


van Hauser THC / n.runs GmbH
Attacking the IPv6 protocol suite
Jim DeLeskie & Danny McPherson - Teleglobe, Arbor Networks
Protecting the Infrastructure
Steve Lord
An hour of Rap and Comedy about SAP - Mo' Budget, Mo' Problems
Edward Balas & Mike Davis - Indiana University
Next Generation Sebek
Tim Johnson - Technical Security Consultants Inc.
RF Technical Security Counter Measures
Major Malfunction
Magstripe Madness
HD Moore - BreakingPoint
Metasploitation (and a dash of IPS)
Nico Fischbach - COLT
Carrier VoIP Security
Hendrik Scholz - Freenet Cityline GmbH
Attacking VoIP Networks
Loïc Duflot
Security Issues related to Pentium System Management Mode
Christopher Abad - Cloudmark
Advancements in Anonymous eAnnoyance
Josh Ryder - University of Alberta
Real Time Threat Mitigation Techniques
Crispin Cowan - Novell
Stunt Profiling: Securing a System While You Wait
Lisa Thalheim
Visualizing source code for auditing
Alex Stamos, Scott Stender - iSEC Partners
Attacking Web Services
Alexander Sotirov - Determina
Reverse Engineering Microsoft Binaries
Fred Arbogast and Sascha Rommelfangen - S.E.S. Astra
Zen and the art of collecting and analyzing Malware
Renaud Bidou - RADWare
How to test an IPS
Dennis Cox - BreakingPoint
Insiders View: Network Security Devices
Halvar Flake
More on Uninitialized Variables
Eric Byres - BCIT
Security Testing SCADA and Control Systems
Julien Tinnes, Yoann Guillot - France Telecom R&D
Windows HIPS evaluation with Slipfest
Panel Discussion
Vulnerability Commercialization


Christopher Abad
New Security Analysis Techniques
Philippe Biondi
Packet generation with scapy
Cesar Cerrudo
Windows Internals
Gaël Delalleau
Large Memory Usage
Cedric Blancher
Mobile Workstations, mitigating the crawling trojans
Maximillian Dornseif
0wn3d by an iPod: Firewire/1394 Issues
Hiroaki Eto
Stack Protection Systems (ProPolice, XP SP2...)
Nicolas Fischbach - COLT
The Use of Network Flows in Security
Halvar Flake
Binary Difference Analysis
Fyodor -
Hacking NMAP and mapping techniques
Fernando Gont
ICMP Attacks
Job de Haas
Mobile Phone Symbian OS Security
Barnaby Jack - eeye
Step into Ring 0
Shane "K2" Macaulay & Dino Dai Zovi - Bloomberg
Rogue Access Points
Brian Martin & Jake Kouns
OSVDB & Vulnerability Databases
David Maynor
0wn3d by everything else: USB/PCMCIA Issues
H D Moore & spoonm
Advances in Exploit Technology
Marty Roesch - Sourcefire
Target Based IDS and Snort Roadmap
Mike Schiffman
The Common Vulnerability Scoring System
Window Snyder - Microsoft
XPSP2 Internals
Alex Wheeler & Neel Mehta
Anti-Virus Issues


Lance Spitzner
Why Honeypots Suck
Jun-Ichiro "itojun" Hagino
IPV6 Security
Ollie Whitehouse
Bluetooth: Red Fang, Blue Fang
Laurent Oudot
Towards Evil Honeypots? When they bite back
Philippe Biondi
Shellforge NextGen: Shellcodes for everybody and every platform
Greg Taleck
New methods in OS Fingerprinting / TCP stack testing
Danny McPherson & Paul Quinn
Sink Hole Networks
H.D. Moore
Exploiting the Metasploit Framework
Ulf Mattsson
A real time intrusion prevention system for enterprise databases
Matthew "shok" Conover & Oded Horovitz
Reliably Exploiting Windows Heap Overflows
Paul Watson
Slipping in the Window: TCP Reset Attacks
Marty Roesch
Your Network is Talking, are you Listening?
Stefano Zanero
Unsupervised Learning Techniques / Data Mining for Intrusion Detection
Rakan "xvr" El-Khalil
Information hiding in binaries
Binary difference analysis.
Michael Richardson
Opportunistic Encryption
Tom Ptacek
Something Cool
Theo DeRaadt
Sharad Ahlawat
Panel Session
Internet Legal Issues


Advanced network reconnaissance techniques
Neel Mehta & Shaun Clowes
Advances in ELF binary runtime encryption
Dan Kaminsky
Strange cool things about TCP/IP
Oded Horovitz
Memory Access Detection
Lance Spitzner
Evolutions in honeypot technology
Theo DeRaadt
Advances in OpenBSD
Ron Gula & Renaud Deraison
Distributed Vulnerability Scanning
Jed Haile
IDS data correlation
Jose Nazario
Internet trust evaluation using distribution statistics
Fx of Phenoelit
Attacking networked embedded systems
Jeff Nathan & Brian Caswell
Developments in IDS technology
Gary Golomb
Defeating Forensic Analysis
Halvar Flake
Automated bug detection


Oliver Friedrichs & Alfred Huger - Security Focus
Oliver and Alfred spoke about the back end analysis system of their ARIS product
Crispin Cowan - WireX Communications
The Linux Security Module project, Immunix and its components: StackGuard, FormatGuard, and RaceGuard
David Dittrich - University of Washington
Forensics and the latest security fun and games at UW
Dug Song - Arbor Networks
A sequel to fragrouter: New IDS evasion techniques
HD Moore - Digital Defense
Passive analysis and distributed security scanning using Nessus
Ivan Arce - Core SDI
Automated penetration testing with CORE Impact
Jed Haile - Nitro Data Systems
Hogwash: A snort based Gateway Intrusion Detection System(GIDS)
Jonathan Wilkins - Microsoft
Layer 2 hijacking attacks with Taranis
jobe - w00w00
Buffer Overflows: A cumulative review: It's not just %i7/%eip anymore
Jeff Nathan & Brian Caswell
IDS technology and experiences in deploying very large distributed IDS systems
Halvar Flake - Blackhat Consulting
Graph based binary analysis
Lance Spitzner - Sun Microsystems
Setting up Honeypots and Honeynets
Marty Roesch - Sourcefire
Enterprise IDS deployment and IDS OpenSnort Console
Matthew "Shok" Conover - w00w00/Entercept Security Technologies
.NET and utilities to play with it
Mike Schiffman & Dave Pollino - @stake
Wireless security and wireless auditing
Niels Provos - University of Michigan
Ofir Arkin - @stake
VoIP security: Cracking SIP - Security Problems with VoIP Architecture
Rain Forest Puppy - Wiretrip Labs
Assessing the web: finally some tools that are worthy
Richard Salgado - United States Department of Justice
Policy and procedure changes at the FBI and DOJ and Q&A about regulatory and operational changes with the recent DMCA and anti-terrorism legislation
Sebastien Lacoste-Seris & Nicolas Fischbach -
IP network infrastructure(s) in Cisco environment: attacks and defenses
Silvio Cesare - Qualys
Reverse engineering of the RST.b remote shell trojan linux virus, and virii anti-reverse engineering tactics and how to foil them
Simple Nomad - Bindview
I want to be a Ninja Stealth Cyberterrorist - hypothetical scenarios for stealthy internet communications and other case studies
Solar Designer & Rafal Wojtczuk - Openwall Project
Openwall GNU/*/Linux (Owl) security enhanced distribution


Presentation Archives

Renaud Deraison, author of Nessus, spoke about the Nessus attack scanner, giving an overview of scanner operations and a tutorial on Nessus Attack Scripting Language (NASL).

Martin Roesch, author of the popular Snort Intrusion Detection System (IDS), spoke about new developments in IDSes.

Dug Song of Arbor Networks, author of many famous networking tools, spoke about monkey-in-the-middle attacks on encrypted protocols such as SSH and SSL.

Rain Forest Puppy spoke about assessing the web, with demonstrations of several new (previously unreleased) rfp.labs web tools and other surprises in his inimitable style.

Mixter of 2XS, author of several widely used distributed tools and some popular security whitepapers, spoke about "The future of distributed applications" and explained the key elements of peer-to-peer networks, discussing a few examples/possibilities of distributed technology and related security problems in distributed networks.

K2 of w00w00 presented his new ADMutate, a multi-platform, polymorphic shell-code toolkit and libraries for detection evasion.

Matthew Franz of Cisco, author of Trinux, discussed a comprehensive security model (including tools and techniques) for conducting security evaluations of firewalls, VPNs, and other networked devices.

Lance Spitzner of Sun presented more of the HoneyNet group's findings, including watching Romanian hackers on their own web cam while they were hacking one of his honeypots for their botnet.

Theo de Raadt is the principal architect of the OpenBSD operating system project. He spoke about file globbing vulnerabilities.

Fyodor, author of the popular nmap network scanner, talked about new mapping and scanning tools and techniques.

HD Moore of Digital Defense gave a talk about his more esoteric NT/Win2k penetration test tricks in a presentation called "Making NT Bleed." He covered some of the procedures he has had to develop during the course of cracking multiple systems for customers daily.

Jay Beale of MandrakeSoft, author of the Linux Bastille scripts and Security Team Director at MandrakeSoft, spoke about securing Linux.

Kurt Seifried formerly of, explored issues surrounding cryptography... a "two edged sword" including PKI, SSH and SSL.

Dave Dittrich of The University of Washington, author of many famous forensic analyses and UW Senior Security Engineer, gave a talk about finding intruders, and tracing their actions through the trails they leave on penetrated systems.

Robert Graham, CTO of NetworkICE, discussed IDS operations and decoding technology, illustrating with exploits including his new "sidestep" utility during live demonstrations of the BlackICE Sentry IDS system and other IDSes like snort.

Sebastien Lacoste-Seris and Nicolas Fischbach of COLT Telecom AG, editors of the French site, discussed the rollout of Kerberos across their company and hosting center using Kerberized SSH and Kerberos V5 across Unix/Cisco/Win2k platforms to provide strong authentication with SSO capabilities, their experiences, and what potential problems and limitations they faced.

Andrew Reiter and Christopher Abad, R&D Engineers with Foundstone Inc., spoke about format string vulnerabilities with emphasis on the win32 environment.

Gary Golomb of Enterasys presented a talk about tools like NT Rootkit and the fact that a lot of the DDOS clients don't need a full three way handshake to establish a session.

John Tan, a research scientist from @stake, gave a talk entitled "Forensic Readiness: Strategic Thinking on Incident Response".

Andrew R. Baker is a senior software engineer at farm9. He talked about advanced Snort techniques.


Presentation Archives

Ron Gula of Network Security Wizards is an ex-U.S. government computer security analyst who founded Network Security Wizards and authored the Dragon intrusion detection system. Ron discussed intrusion detection sensors, drawing upon his large base of practical experience in the area.

Ken Williams of Ernst & Young [editor's note: now eSecurity Online], the creator of the famous hacker super-site packetstorm and the infamous "tattooman", gave some pointers on NT security.

Marty Roesch of Sourcefire is the author of the popular snort intrusion detection system and senior software engineer on the "ARMOR" intrusion detection system. He talked about good ways to snort out intruders.

rain.forest.puppy, a noted security analyst, covered the latest exploits and how to protect against them.

Theo DeRaadt, the leader of the OpenBSD secure operating system project, talked about securing operating systems.

Fyodor is the author of the award-winning nmap security scanner and several seminal papers describing techniques for stealth port scanning and OS detection via TCP/IP stack fingerprinting. Fyodor demonstrated the use of nmap to identify subtle security vulnerabilities in a network.

Lance Spitzner of Sun Microsystems graciously agreed to hop on to the CanSecWest speaking roster at the last minute to substitute for Max Vision due to legal difficulties. Lance discussed intruder forensics, stealth information gathering and passive monitoring of intruders to your systems. He demonstrated this using actual intrusion traces of break-ins to his systems at home.

Dragos Ruiu presented some security tutorials and is the guy who started all this shit...