Mailing List Archive

CanSecWest 2009 Speakers and Dojo courses (Mar 14-20)
Final Speaker Lineup for CanSecWest 2009 (March 18-20):

The Smart-Phones Nightmare - Sergio 'shadown' Alvarez

Getting into the SMRAM: SMM Reloaded - Loíc Duflot

Network design for effective HTTP traffic filtering - Jeff "rfp"
Forristal, Zscaler

Ninja Scanning - Fyodor,

On Approaches and Tools for Automated Vulnerability Analysis - Tanmay
Ganacharya & Nikola Livic & Abhishek Singh & Swapnil Bhalode & Scott
Lambert, Microsoft

Kicking It Old School: No DNS Packets Were Harmed In The Making Of
This Presentation - Dan Kaminski, IOActive

Binary Clone Wars: Software Whitelisting for Malware Prevention and
Coordinated Incident Response. - Shane Macaulay, Sean Comeau, and
Derek Callaway, Security Objectives

.NET Rootkits - Erez Metula

The Evolution of Microsoft's Exploit Mitigations - Matt Miller and Tim
Burrell, Microsoft

An overview of the state of videogame console security. - Victor Muñoz

A Look at a Modern Mobile Security Model: Google's Android - Jon

Bug classes we have found in *BSD, OS X and Solaris kernels - Christer
Oberg and Neil Kettle, Convergent Network Solutions

Multiplatform Iphone/Android Shellcode, and other smart phone
insecurities - Alfredo Ortega and Nico Economou, Core

Platform-independent static binary code analysis using a meta-assembly
language - Sebastian Porst & Thomas "halvar" Dullien, zynamics

Persistent BIOS Infection - Anibal Sacco & Alfredo Ortega, Core

Decompiling Dalvik and other JavaFX - Marc Schoenefeld

Automated Real-time and Post Mortem Security Crash Analysis and
Categorization - Jason Shirk & Dave Weinstein, Microsoft

SSL, The Sequel: MD5 collisions and EV certificates - Alexander
Sotirov & Mike Zusman

Exploiting Unicode-enabled software - Chris Weber

Chinese Infosec & Malware Overview - Wei "icbm" Zhao, 365menshen

Hacking Macs for Fun and Profit - Dino Dai Zovi & Charlie Miller

...and a variety of lightning talks...

Security Masters Dojo courses (March 14-17):

Metasploit: Asymmetric Warfare - H D Moore, BreakingPoint Systems

Advanced Honeypots - Thorsten Holz

IPv6 Network Security - Nico Fishbach & Guillaume Valadon, COLT & CNRS

Ultimate Web Hacking (One Day Edition) - Mike Andrews, Foundstone

TCP/IP Network Security In Depth - Andrea Barisani, inverse path

Effective Fuzzing using the Peach Fuzzing Platform - Michael
Eddington, Leviathan Security

Secure Java Programming and Auditing - Marc Schoenefeld

Practical 802.11 WiFi (In)Security - Cédric Blancher, EADS

Q/SSE Qualified/ Software Security Expert Certification Bootcamp -
Security University

Q/SA Qualified Security Analyst Penetration Tester - Security University

Advanced Linux Hardening - Andrea Barisani & Jay Beale, inverse path &

Physical Security and Lock Technology - Deviant Ollam

The Exploit Laboratory - Advanced Edition - Saumil Shah, Net-Square

Mastering the Network with Scapy - Phillipe Biondi, EADS

Pwn2Own Contests:

There will be TWO Pwn2Own contests this year.
Generous cash prize(s) for exploits will be sponsored by Tipping Point,
and a Sony VAIO P fresh from Japan and a new loaded Apple Macbook
will be amongst the prizes.

The targets this year will be mobile smart-phones, and browsers.

Mobile targets:
Windows Mobile

Browser Targets:

The contest will like in previous years feature a progressively
expanding attack surface over the three day duration of the
conference. Final prizes and rules will be announced shortly.

Post-Conference Whistler Expedition:

We have secured some rooms at good rates at the Westin in Whistler
and reserved a cluster of four, 3-5 bedroom, cabins for the weekend
after the conference. Contact if you wish to be included
in the planning, final accommodation rates will be announced shortly.

Conference Hotel Block:

The room rates at the Sheraton Wall Center hotel where the conference
is being held have been reduced from $183 to $169, and still includes
a waived $15/day free internet access in the rate.

Tenth Anniversary Gala Event:

Since this is our tenth anniversary for the conference, we will
be having a party on Thursday night. Venue TBD. We're pretty
sure there will be a cake. No word yet on whether there will
be dancers inside it. ;-)

Day-Care Facilities will be available:

As a nod to the shifting demographic of early gen. security
researchers we will be trying a new experiment this year
and we will be providing day-care facilities for those
traveling with kids. We will try to arrange some group
discounts with our provider once we know how many
kids and what ages and times will have to be
accommodated. If you are interested in this service
please send a note to and let
her know ages and times.

We will try to get them started on exploit writing
courses for pre-schoolers :-). Does this mean
we are all grown up now?

It promises to be another fun conference again this
year. See you all there.


World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada  March 16-20 2009
pgpkey kyxpgp
Plugins-writers mailing list