Interact with the security community
CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought-provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
The conference is single track, with one-hour presentations over the duration beginning at 9:00 a.m. The registration fee includes the catered meals, and there will be a vendor display and lounge/eating area, where wireless internet access will be available (as well as in the speaking theater). The conference discount hotel room booking system can be found here.
The dojo registration links are active, including three new two-day courses and one revamped four-day course, as well as our regular lineup of excellent material taught by industry luminaries to empower your security technology level. Two sessions of a course on securing hardware called Applied Physical Attacks on x86 Systems from Joe Fitzpatrick are available. Our regular instructors Scott Lambert and Jason Geffner, who also teach the Introductory and Advanced Malware Deobfuscation courses, have a new course about Nation-State Sponsored Targeted Attacks, which is very timely as this has recently emerged as a significant new threat vector. John Butterworth is offering a new course on securing UEFI BIOS, Introductory BIOS & SMM Attack & Defense, and Saumil Shah has updated his always popular four-day Exploit Lab course to focus on the ARM platform in the ARM Exploit Lab, which is also emerging as an important new area of security technology.
Joe's hardware course Applied Physical Attacks on x86 Systems
This course introduces and explores attacks on several different relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. The course has several modules: USB, SPI/BIOS, I2C/SMBus, PCIe, and JTAG. Each begins with an architectural overview of an interface, and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing either with potentially exploitable crashes or directly with root shells. Based on the pace and interest of the attendees, not all material may fit in 2 days but will still be available to attendees.
Scott and Jason's APT analysis course Nation-State Sponsored Targeted Attacks
RSA, Google, The New York Times, Lockheed Martin, Coca-Cola, Northrop Grumman, The Wall Street Journal, Kaspersky: the list of companies that have been recently infiltrated via Advanced Persistent Threats (APTs) goes on and on. Nation-state adversaries and organized crime groups have been waging a digital war on major companies and government agencies over the last several years, and the quantity and complexity of these attacks continue to accelerate at a rapid pace. In order to prevent and respond to APTs, it is critical to understand the attackers' motives and methods. This course follows the theatrical narrative of a fictional attack on a major defense contractor and puts the student in the action seat. Students work with a team of supporting characters throughout the class in order to analyze and learn about the tactics, techniques, and procedures used during an APT intrusion. This is a hands-on course. Attendees will analyze real-world malware used by real-world nation-state adversaries during the APT response in order to track down the adversary behind the attack and understand the havoc wreaked on the victim's network.
John Butterworth's Introductory BIOS & SMM Attack & Defense
UEFI BIOS is firmware where the sophisticated attacker can live unseen and unfettered. This class covers why the BIOS is critical to the security of the platform. It will also show you how the BIOS may be compromised and what capabilities and opportunities are provided to the attacker when it is. You will be provided tools for performing vulnerability analysis on firmware, as well as firmware forensics. Additionally, this class will introduce people to UEFI firmware reverse engineering. This can be used either for vulnerability hunting, or for analyzing suspected implants found in a UEFI BIOS, without having to rely on anyone else.
Saumil Shah's ARM Exploit Lab
ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The all-new ARM Exploit Laboratory is a 4-day intermediate-level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers everything from an introduction to ARM assembly all the way to Return Oriented Programming (ROP) on ARM architectures. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM Linux and Windows environments. The 4-day format features lots of hands-on exercises allowing students to internalize concepts taught in class.
We have a special rate for our conference attendees at the Sheraton Wall Centre (our conference hotel).
If you would like to take this opportunity, please go to the link below and reserve your room; you should then be able to get the room at the conference special rate, which is CDN $175/night (the price includes a high-speed internet connection in your room plus the additional benefits below).
We sell out all of the rooms every year and we will close the link pretty soon, so please make sure to book your room early enough.
Guests who book at our group rate get these benefits (not applicable to out-of-block bookings):
- Complimentary Hi-Band in-room Internet (4Mbps, regular price an additional $18.95 per night)
- Complimentary bottled water within guestrooms for the duration of the conference (valued at $10 per day)
- Complimentary communication bundle (includes HSIA, local/1-800 calls) for each guestroom (valued at $1.60 access charge for calls up to 60 minutes and $0.10 for each additional minute up to the 90th minute)
- A voucher to use in Cafe One or Bar One (in the hotel) for a 10% discount off the menu (excludes alcohol)
- Complimentary Health Club Access
- Free-of-charge cancellation until 6pm on the day of arrival
- Earn SPG points