CanSecWest 2022 Workshops
Practical Mobile App Attacks By Example
If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you: all action, no fluff :)
Attendees will be provided with training portal access to practice some attack vectors, including multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. This includes lifetime access to vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises.
Hacking JavaScript Desktop Apps with XSS and RCE
JavaScript desktop apps share traditional attack vectors and also introduce new opportunities for threat actors. This workshop will teach you how to review JavaScript desktop apps, showcasing Node.js and Electron but using techniques that will also work against any other desktop app platform. Ideal for penetration testers and desktop app developers, as well as everybody interested in JavaScript/Node.js/Electron app security.
Practical CodeQL for Auditors
In this workshop, I will get you up and running with CodeQL and help you avoid common pitfalls that often lead new users to abandon attempts to use the tool. We will focus not on solving the halting problem, but on translating simple but effective auditing ideas into queries that will let you navigate a target codebase.
Security Lessons from CoVID-19
Lessons, or reminders, of important information security operations concepts which have been pointed out by the CoVID-19 pandemic crisis. Using the SARS-CoV-2/CoVID-19 pandemic as a giant case study, and structured by the domains of information security, this looks at security aspects of the crisis, pointing out specific security fundamentals where social, medical, or business response to the crisis failed, or needed to make specific use of those concepts.
An Introduction to ARM Assembly and Shellcode
This workshop is a hands-on crash course on ARM Assembly Language and writing simple shellcode from the ground up.
Hands On EMUX: Emulating ARM and MIPS IoT Firmware
EMUX (formerly known as ARMX) has been under regular development for over 5 years. The latest release brings MIPS emulation capabilities to the framework, expanding the set of targets that can be emulated.