Materials for CanSecWest 2008
These talks have probably been online for a while, but as most of them are really interesting, have a look at the CanSecWest 2008 conference materials:
- Marty Roesch - Sourcefire: Snort 3.0
- Rich Cannings - Google: Cross-Site Scripting Vulnerabilities in Flash Authoring Tools
- Jan “starbug” Krissler & Karsten Nohl - CCC: Proprietary RFID Systems
- Mark Dowd & John McDonald - IBM ISS: Media Frenzy: Finding Bugs in Windows Media Software
- Rob Hensing - Microsoft: Targeted Attacks and Microsoft Office Malware
- Oded Horovitz - VMWare: Virtually Secure
- Frédéric Raynal - Sogeti/Cap-Gemini: Malicious Cryptography
- Thierry Zoller and Sergio Alvarez - n.runs: The Death of AV Defense in Depth? Revisiting Anti-Virus Software
- Sun Bing: VMWare Issues
- Sebastien Tricaud and Pierre Chifflier - INL: Intrusion Detection Systems Correlation: a Weapon of Mass Investigation
- Dan Hubbard and Stephan Chenette - WebSense: Web Wreck-utation
- Marcel Holtmann - Intel: Secure programming with gcc and glibc
- olleB - toolcrypt.org: Mobitex network security
- Michael Eddington - Leviathan: Peach Fuzzing
- Charlie Miller - Independent Security Evaluators: Fuzz by Number
- Frank Marcus & Mikko Varpiola - Wurldtech / Codenomicon: Fuzzing WTF? What Fuzzing Was, Is And Never Will Be.
- Kowsik Guruswamy - Mu: Vulnerabilities Die Hard
- Dan Griffin - JW Secure: Hacking Windows Vista
- Philippe Lagadec - NATO/NC3A: ExeFilter: a new open-source framework for active content filtering
- Eric Hacker - BT INS: VetNetSec: Security testing for Extremists
- Andres Riancho - Cybsec: w3af: A framework to own the web
- Scott K. Larson - Stroz Friedberg: A Unique Behavioral Science Approach to Threats, Extortion and Internal Computer Investigations
Overall, there were many talks on fuzzers, some interesting work on cold boot attacks, a confirmation that anti-virus products are also vulnerable, and a very nice presentation from the CCC guys on how to “disassemble” an RFID chip :) I also liked the last presentation, which was not really about security stuff, but more about how software could help determine the character and the pathologies of a guy from his writings. Scary!
One bad point, though: commercial presentations with no real content. VMWare folks, for example, coming to say “hey, we have the best security API, we can monitor stuff from the VMX server” etc., that’s cool. But when someone asked to see the code, or how to use the API, the answer was “well, eeeh. We can’t show you, but it’s cool, believe us”.
Congrats, and thanks, to Dragos for keeping this conference high-quality over the years.