CanSecWest 2024
In-Person and On-Line Conference
Our fourth ever offering of both in-person and on-line of the CanSecWest conference. Twenty presentations were presented over three days (March 20 to 22, 2024). These presentations were preceded and succeeded by an offering of 24 DOJOs.
List of Presentations
For more details on the Presentations, please go here.
Armored Witness: Building a Trusted Notary for Bare Metal, Andrea Barisani
Electric Vehicle Chargers: Observations from Pwn2Own Automotive 2024, Jonathan Andersson
The Cat is Out of the Bag: Regulating AI in Canada, Anna Manley
Developing Secure Software in 2024, Joshua Drake
The DL on LLM Code Analysis, Richard Johnson
Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS/iOS, Dillon Franke
Applying Physical Discipline to Cybersecurity Challenges, David Shinberg
Fuzzing SMB, Ilja VanSprundel
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools, Alon Leviev
Successfully Fuzzing High Value Targets with Low tech Strategies, Marc Schoenefeld
Rolling in the Dough: How Microsoft Identified and Remediated a Baker’s Dozen of Security Threats in the Windows DNS Server, George Hughey and Arif Hussain
Rooting Android Devices in One Shot: Simple Bug, Complex Exploit (incl. Memory Tagging Extension), Yong Wang
Death by a Thousand Cuts: Compromising Automotive Systems via Vulnerability Chains, Linfeng Xiao, Qican Ma, RapidDNS
Glitching in 3D: Low Cost EMFI Attacks, Matthew Alt
There will be Bugs: Exploiting Basebands in Radio Layer Two, Daniel Komaromy
URB Excalibur: The New VMware All-Platform VM Escapes, Yuhao Jiang, Xinlei Ying
Malice in Chains: Supply Chain Attacks using Machine Learning Models, Marta Janus
List of DOJOs
For more details on the DOJOs below, please go here.
Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation by Dawid Czagan
Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access. (3 DAY Version) by Dawid Czagan
Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access by Dawid Czagan
Windows Kernel Exploitation: Advanced by Ashfaq Ansari
Windows Kernel Exploitation: Foundation by Ashfaq Ansari
Media Effects used in Influence Operations by Krassimir Tzvetano
Advanced Offensive GraphQL Security Training by Nick Aleks and Jared Meit
Teaching Burp to Speak GraphQL: Automated Security Scanning of Your GraphQL API with Burp by Jared Meit
Artificial Intelligence for Cybersecurity Professionals by John Bambenek
OPSEC for Investigators and Researchers by Krassimir Tzvetanov
Beginner C2 with Sliver by Peter Greko, Kellian Hunt, Luciano Krigun
Attacking and Defending Linux, Kubernetes and Docker by Jay Beale
Foundational GraphQL API Attack Surface Training by Nick Aleks and Jared Meit
x86-64 Assembly by Xeno Kovah
C/C++ Implementation Vulnerabilities Part 1 by Xeno Kovah
C/C++ Implementation Vulnerabilities Part 2 by Xeno Kovah
x86-64 Intel Firmware Attack and Defense by Xeno Kovah
Xeno's All You Can Learn Buffet! by Xeno Kovah
RISC-V Assembly by Xeno Kovah
x86-64 OS Internals by Xeno Kovah
Rust for Security Engineers by Tim McNamara
StealthOps: Red Team Tradecraft Targeting Enterprise Security Controls by Yash Bharadwaj
Hunting the Adversary: Applying Cyber Threat Intelligence by John Bambenek
Attacking Hybrid Multi-Cloud Environment by Manish Kumar Gupta