Bustication Everywhere: A CanSecWest 2012 Retrospective

Posted on March 11, 2012 by



Another conference has come and gone. Sometimes it seems that the annual conference schedule is the metronome to which the Infosec world paces itself. The coming and going of conferences is the only consistency in this idiosyncratic industry full of neurosis and theatrics. This year’s CanSecWest held true to form and was the stage for much anticipated infosec drama (must of it around the “Pwn2Own” contest).

Just before the conference there was a bit of tension between Google and Hewlett Packard’s ZDI (the organizers/sponsors of Pwn2Own) over Google’s last-minute decision to rescind their support of Pwn2Own and instead sponsor their own reward-based competition: Pwnium.

All of this and Pwnium’s $1 million dollar reward purse seemed to only set the tone for what would ironically be a week of Pwn2Own sponsored Chrome bustication. (Although doubtful, my ego can only hope that my past research helped people with all their Chrome sandbox hacking.)

While all of this was happening, we here at Beans were at CanSecWest finishing up the course we taught on ARM exploitation. The course is designed to teach how to bypass all thecommon exploit mitigations using nuances of the ARM processor. It is the first public training/research of its kind and we were excited to share it. The course was taught on custom embedded hardware which all the students got to take home at the end of the course. Our course was sold-out, so anticipation was running high, but based on feedback and voluntary comments from students we are confident that it was really useful to folks (despite Steve Lawler’s hoarseness during all of his lectures ;-).

Unfortunately I (Stephen Ridley) couldn’t stay for the entirety of the conference (which was the three days after the trainings) but during the one day I was there, it was cool to hang with much of the NY crew in Vancouver. Brandon and Aaron ran Pwn2Own, Dino and Alex taught their (also sold-out) course on exploitation. It was also great to catch up with old friends, meet folks in person for the first time, and see Vancouver, BC for the first time. (Two of my favorite conferences are in Canada: ReCON and now CanSecWest.)

In summary it was a good first CanSecWest. Cheers to Dragos and Yuriko for putting on a goodcon.  I wish I could’ve stayed past the end of my training to attend the full conference. I also wish I’d packed my 5D Mark II instead of my G12 so that the photos were a bit better, but I had a LOT of other gear to worry about smuggling across the border.

Nonetheless, you can check out a full photo-journal of our CanSecWest 2012 here. Enjoy.

This slideshow requires JavaScript.