A few weeks ago, Ping Yan and I went to Vancouver for the CanSecWest conference to present our talk entitled “Intelligent Use of Intelligence: Design to Discover”. Needless to say, we were pretty excited to be accepted at this worldwide event!
This article will give a short overview and a quick recap of all the speakers/events that caught our attention.
We left beautiful San Francisco on March 10th and went directly to our Vancouver office. The weather was sunny and warm and we were so pleased to meet our Canadian peers – we definitely had big smiles on our faces walking to the office!
On the first day of the conference we discovered the big venue. The event takes place at the beautiful Sheraton Hotel. The conference format is a single track with consecutive one-hour presentations beginning at 9:00 a.m. The conference room had 4 huge screens and a very nice sound system allowing clear communication.
The conference was full of interesting talks. Most were quite technical and dug deep into computer security mechanics. Several speakers caught our attention:
Revisiting iOS Kernel (In)Security – Tarjei Mandt; Azimuth Security
Tarjei described an amazing technique to break and predict a random number generator used in the iOS kernel.
The Real Deal of Android Device Security: the Third Party – Collin Mulliner, Jon Oberheide; Northeastern University, Duo Security
Collin and Jon exposed, in a very elegant way, the overall process of an Android infection and the deployment of a patch. They also presented several of their tools to help the Android community.
ROPs are for the 99%: A revolutionary bypass technology – Yang Yu a.k.a. “tombkeeper”; NSFOCUS Labs
Tombkeeper presented a new mind-blowing technique to implement ROP exploits.
Utilizing machine learning and DNS traffic to discover malware infections and C&C traffic – Brandon Niemczyk, Josiah Hagen, Jonathan Andersson
The talk from Brandon with HP Research Labs was particularly interesting to us, as they tackle a similar problem with a dataset similar to ours. They took a machine learning approach to identifying botnet behavior by examining DNS traffic. The probabilistic model they built generalizes over the likelihood of certain event chains, including periodicity characteristics of a host’s DNS requests and the number of resource records being returned. The model seems to do a good job identifying hosts infected with malware, but effective identification of malicious servers is yet to come.
Finally, we got to talk on Friday (March 14th). Ping and I presented our research on DNS traffic analysis and data 3D visualization. If you missed it, don’t worry! You can find our slides here:
The audience responded very well to the talk and people seemed extremely interested. We definitely received thoughtful questions and feedback.
In addition to the talks, the annual Pwn2Own competition was also held at CanSecWest. If you’re not familiar with the contest, it is a zero-day (0day) discovery contest where all the participants have a chance at earning a great deal of money for unveiling vulnerabilities in some of the most widely used applications and operating systems. The world-renowned VUPEN team was there and the competition unveiled several groundbreaking 0day exploits. Perhaps the best summary of the event was Steven J. Vaughan-Nichols’ ZDNet post.
To conclude, Ping and I had a wonderful experience talking at CanSecWest. Great kudos to all the speakers and contest winners, and a very special thanks to the CanSecWest staff (especially Yuriko and Dragos) who made everything easy and smooth. We hope to see you all again soon!