CanSecWest 2022 Hybrid Conference
Our second-ever offering of the CanSecWest conference both in person and online. Eighteen Dojos were offered over five days (May 14 to 18, 2022). Eighteen presentations and six workshops were offered over three days (May 18 to 20, 2022).
List of Presentations
For descriptions of the presentations and presenters, please follow this link.
[KEYNOTE] A Brief and Mostly Incorrect History of Fully-Remote Mobile Vulnerabilities, Natalie Silvanovich
[KEYNOTE] Is the Future of AppSec Human?, David Brumley
Launching EMUX - A framework for emulating ARM and MIPS IoT Devices, Saumil Shah
Project TEMPA - Demystifying Tesla's Bluetooth Passive Entry system, Martin Herfurt
Bad ALAC: One codec to hack the whole world, Slava Makkaveev and Netanel Ben Simon
Bypassing Falco: Cluster Compromise without Tripping the SOC, Shay Berkovitch
FirmWire: Taking Baseband Security Analysis to the Next Level, Dominik Maier, Marius Muench and Grant Hernandez
Kubernetes Attack and Defense: Break Out and Escalate!, Jay Beale
Defeating Stack Canaries and Memory Safety with Speculative Execution, Andrea Mambretti and Anil Kurmus
Talk to Your Doctor About If Protocols are Right for You: Vulnerabilities in HL7 Protocols, Zachary Minneker
Securing the 3rd Party Software Life Cycle, Kesav Nimmagadda and Neha Shukla
Thanks for Leaving the Lights On, Adam Doherty
When eBPF meets TLS! by Guillaume Valadon
The Printer goes brrrr by Rémi Jullian, Thomas Jeunet and Mehdi Talbi
PWN Windows: From Low to System Privilege via RASMAN Service by Ziming Zhang
Matryoshka Trap: Recursive MMIO Flaws Lead to VM Escape by Qiuhao Li and Gaoning Pan
Exploiting Relational and Non-Relational Java Databases by Xu Yuanzhen and Chen Hongkun
Mystique Hits: Vulnerability Chain that breaks the Android Application Sandbox by the Dawn Security Group
List of Workshops
For more details, please follow this link.
Hands On EMUX: Emulating ARM and MIPS IoT Firmware by Saumil Shah
Practical Mobile App Attacks by Example by Abraham Aranguren
Security Lessons From COVID-19 by Rob Slade
An Introduction to ARM Assembly and Shellcode by Saumil Shah
Practical CodeQL for Auditors, Agustin Gianni
Hacking Javascript Desktop Apps with XSS and RCE, Abraham Aranguren
List of Dojos
For a greater level of detail, please follow this link. The names of the dojos and their presenters follow below.
x86-64 OS Internals by Xeno Kovah
x86-64 Intel Firmware Attack & Defense by Xeno Kovah
x86-64 All You Can Learn Buffet! by Xeno Kovah
x86-64 Assembly by Xeno Kovah
C/C++ Implementation Vulnerabilities by Xeno Kovah
Cognitive Security: Defending against Misinformation, Disinformation and Other Information Harms by SJ Terp and Pablo Breuer
Assessing and Exploiting Control Systems and IIoT by Justin Searle
Evil Mainframe: Mainframe Hacking for Penetration Testers by Phil Young
Heap Exploitation by Maxwell Dulin and Zachary Minneker
Automated Program Analysis using Machine Learning by Hahna Kane Latonick
Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation by Dawid Czagan
Advanced Penetration Testing: Mastering Web Attacks with Full-Stack Exploitation by Dawid Czagan
Web Hacking Secrets: How to Hack Legally and Earn Thousands of Dollars at HackerOne by Dawid Czagan
Windows Kernel Exploitation Advanced Training by Ashfaq Ansari
Windows Kernel Exploitation Foundations by Ashfaq Ansari
Hacking JavaScript Desktop apps: Master the Future of Attack Vectors by Abraham Aranguren and Anirudh Anand
Hacking Android & iOS apps by Example by Abraham Aranguren, Abhishek J M, Anirudh Anand and Juan Urbano Stordeur
Reproducing Zero-Days with Mayhem by Nathan Jackson