PACific SECurity - applied security conferences and training in Pacific Asia: CanSecWest | PacSec |

Past Events

The PacSec conference was established in 2003.

Archives of presented material may be found in below links.

Material Archives - List, 2014, 2013, 2011, 2006, 2005, 2004, 2003.

PacSec 2017

1. "Grandma's old bag, how outdated libraries spoil Android app security"
Marc Scho╠łnefeld, ,
English Slides / Japanese Slides

2. "Hacking Robots Before Skynet"
Lucas Apa, IOActive,
English Slides / Japanese Slides

3. "When encryption is not enough: Attacking Wearable - Mobile communication over BLE"
Kavya Racharla, Intel,
English Slides / Japanese Slides

4. "Neural Network for Detecting APT Lateral Movement"
Shusei Tomonaga, JPCERT/CC,
English Slides / Japanese Slides

5. "7 sins of ATM protection against logical attacks"
Timur Yunusov + Yar Babin, Positive Technologies,
English Slides / Japanese Slides

6. "Key recovery attacks against commercial white-box cryptography implementations"
Sanghwan Ahn, LINE Corporation,
English Slides / Japanese Slides

7. "A filesystem attack vector for backdoors, rowhammer-like attacks, and more"
Anil Kurmus, ,
English Slides / Japanese Slides

8. "The Art of Exploiting Unconventional Use- after-free Bugs in Android Kernel"
Di Shen, Tencent Keenlab,
English Slides / Japanese Slides

9. "A view into ALPC-RPC"
Clement Rouault + Thomas Imbert, Sogeti,
English Slides / Japanese Slides

10. "Supply chain security considerations for embedded devices"
Ian Robertson, NCC Group Canada, Josh Ryder, AppNexus,
English Slides / Japanese Slides

11. "From Out of Memory to Remote Code Execution"
Yuki Chen, Qihoo 360,
English Slides / Japanese Slides

PacSec 2016

"The inner workings of the Microsoft Bounty Program"
Akila Srinivasan, Microsoft Security Response Center,
English Slides /

"Science Fiction Becomes Reality: Emerging Threats in our Connected World"
Mickey Shkatov + Jesse Michael, Intel Security Advanced Threat Research,
English Slides / Japanese Slides

"Attacking DSMx Spread Spectrum Frequency Hopping Drone Remote Control with SDR(Software Defined Radio)"
Jonathan Andersson, Trend Micro,
English Slides / Japanese Slides

"Smashing the Jars"
Anthony Kasza, Palo Alto Networks, @anthonykasza
English Slides / Japanese Slides

"New wave of Cyber terror in the Korea Financial Sector"
Kyoung-Ju Kwak, Korea Financial Security Institute,
English Slides / Japanese Slides

"ATM. How to make the fraud."
Olga Kochetova + Alexey Osipov, Kaspersky Lab,
English Slides / Japanese Slides

"How FIRST will save you time reverse engineering"
Angel Villegas, Cisco Systems,
English Slides / Japanese Slides

"Demystifying the Secure Enclave Processor"
Mathew Solnik, OffCell Research, @msolnik
English Slides / Japanese Slides

"In the Zone: OSX Heap Exploitation"
Tyler Bohan, Cisco Talos, @1blankwall1
English Slides / Japanese Slides

"Active fuzzing as complementary for passive fuzzing"
Moony Li + Jack Tang, TrendMicro, @Flyic + @jacktang310
English Slides / Japanese Slides

"Finding Vulnerabilities in Firefox for iOS"
Muneaki Nishimura, Recruit Technologies,
English Slides / Japanese Slides

"Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-Driving Vehicles"
Wenyuan Xu + Chen Yan + Jianhao Liu + MinRui Yan, Zhejiang University, Qihoo360,
English Slides / Japanese Slides

"Windows Metafiles: an analysis of the EMF attack surface and recent vulnerabilities."
Mateusz Jurczyk, Google,
English Slides / Japanese Slides

PacSec 2015

"Attacking IoT with SDR (Software Defined Radio)"
Jonathan Andersson, HP,
English Slides / Japanese Slides

"Attacking HTTP2 Implementations"
Stuart Larsen + John Villamil, Yahoo!, @xc0nradx & @day6reak
English Slides / Japanese Slides

"Criminal Hideouts for Lease: Bulletproof Hosting Services"
Maxim Goncharov, Trend Micro,
English Slides / Japanese Slides

"BlueToot / BlueProx - when Bluetooth met NFC"
Adam Laurie, Aperture Labs, @rfidiot
English Slides / Japanese Slides

"Windows 10, Elevator Action"
James Forshaw, Google UK,
English Slides / Japanese Slides

"Panel discussion - Cybersecurity: Where do I start/what do I need to do?"
Panelists: Josh Ryder, Chris Kuethe, Masakazu Takahashi, AppNexus, Box, Microsoft Japan,

"Warranty Void If Label Removed - Attacking MPLS Networks"
Georgi Geshev, MWR InfoSecurity,
English Slides /

"The plain simple reality of entropy (Or how I learned to stop worrying and love urandom)"
Filippo Valsorda, CloudFlare, @FiloSottile
English Slides / Japanese Slides

"High Performance Fuzzing"
Richard Johnson, Cisco Talos, @richinseattle
English Slides / Japanese Slides

"Universal Pwn n Play"
Martin Zeiser + Aleksandar Nikolic, Cisco,
English Slides / Japanese Slides

"Vulnerabilities mining technology of Cloud and Virtualization platform"
Qinghao Tang, Qihoo 360,
English Slides / Japanese Slides

"Exploiting Heap Corruption due to Integer Overflow in Android libcutils -- Escalate privilege by vulnerabilities in Android system services"
Guang Gong, Qihoo 360, @oldfresher
English Slides / Japanese Slides

"BadBarcode: Hacking with A PIECE of PAPER"
Hyperchem Ma, Tencent,
English Slides / Japanese Slides

"Hidden dangers inside your platform"
Mickey Shkatov + Jesse Michael, Intel,
English Slides / Japanese Slides

PacSec 2014

"Internet voting and signing legally binding documents over the Internet"
- Harri Hursti, Margaret MacAlpine,
"Message Queue (MQ) Vulnerabilities"
- Georgi Geshev, MWR InfoSecurity, @munmap
"Cloud Security at Scale"
- Benjamin Hagen, Netflix, @benhagen
"BadUSB - On accessories that turn evil"
- Karsten Nohl
"Forging the USB armory"
- Andrea Barisani, @AndreaBarisani
"Detecting BGP hijacks in 2014"
- Guillaume Valadon and Nicolas Vivet,
"TENTACLE: Environment-Sensitive Malware Palpation"
- Yosuke Chubachi and Kenji Aiko, FFRI, Inc., @ybachi @07c00
"Windows Kernel Graphics Driver Attack Surface"
- Ilja Van Sprundel, IOActive, @IOActive
"Hey, we catch you - dynamic analysis of Android applications"
- Wenjun Hu, Ministry of Education Key Lab For Intelligent Networks and Network Security in Xi'an Jiaotong University,
"An Infestation of Dragons: Exploring Vulnerabilities in the ARM TrustZone Architecture"
- Josh "m0nk" Thomas, Charles Holmes, Nathan Keltner, Atredis Partners, @m0nk_dot, @afrochees, @natronkeltner
"Root via SMS: 4G access level security assessment"
- Sergey Gordeychik, Alexander Zaytsev, Positive Hack Days international forum on practical security, @scadasl
"Blowing up the Celly - Building Your Own SMS/MMS Fuzzer"
- Brian Gorenc and Matt Molinyawe, HP,

PacSec 2013

"Public-Private Partnership in Proactive Online Security"
Jeff Williams, DellSecureWorks CTU,
"Compromising Industrial Facilities From 40 Miles Away"
Lucas Apa & Carlos Mario Penagos, IOActive,
"Pivoting in the Amazon Clouds"
Andres Riancho, Bonsai, @w3af
"Android games + free Wi-Fi = Privacy leak"
Takayuki Sugiura & Yosuke Hasegawa, NetAgent, @hasegawayosuke
"Breaking MetaTrader"
Boris Petrov & Alex Behar, ECL-Labs,
"Defeating Signed BIOS Enforcement"
Corey Kallenberg, John Butterworth, Xeno Kovah, MITRE,
"Fighting advanced malware using machine learning"
Junichi Murakami, FFRI, @junichi_m
"Defeating the protection mechanism on Android platform"
Tim Xia, Baidu,
"Bypassing DDoS Mitigation "
Tony Miu, Albert Hui, Wai Leng Lee, Alan Chung, Bloodspear Laboratories,
"How to win Pwnium - You've got 4 months, this is where to start"
Ian Beer, Google,
"Mobile Phone Baseband Exploitation in 2013: Hexagon challenges"
Dr. Ralf-Philipp Weinmann, , @esizkur
"attacking microchips through the backside"
Starbug & Dmitry Nedospasov T-Labs, Chaos Computer Club,
"Deeper than ever before: Exploring, Subverting, Breaking and Pivoting with NAND Flash Memory"
Josh m0nk Thomas, ,
"UEFI and PCI BootKits"
Pierre Chifflier, ANSSI,

PacSec 2011

Targeted Espionage Attacks - Mikko Hypponen, F-Secure, @mikko
Black Box Auditing Adobe Shockwave - Aaron Portnoy , Logan Brown, Tipping Point / H.P. Zero Day Initiative
Cracking the perimeter through the weakest link: the human - Marat Vyshegorodtsev, InformZaschita JSC, @touzoku
Rapid and Massive monitoring of DHT: crawling 10 millions of nodes in 24 hours - Ruo Ando, National Institute of Information and Communications Technology + Takayuki Sugiura, NetAgent
Dynamic cryptographic trapdoors to take over the TOR network - Eric Filiol, Groupe ESIEA, @efiliol
Secure Development on iOS - David Thiel, iSEC Partners
How Security Broken? : Android Internals and Malware Infection Possibility - Tsukasa Oi, Fourteenforty Research Institute, @a4lg
Ramooflax, pre-boot virtualization - Stephane Duverger, EADS Innovation Works
A New Approach to Automated JavaScript De-obfuscation - Ulysses Wang + Nick Guo, Websense
ARM Exploitation ROPmap - Thanh Le Nguyen + Long Dinh Le, VNSECURITY

PacSec 2008

Putting an SSH server in your NIC -Arrigo Trulzi
Gone in 900 Seconds, Some Crypto Issues with WPA -Erik Tews
Browser Memory Protection Bypasses: Virtual Machines -Mark Dowd, IBM
Cross domain leakiness: Divulging sensitive information and attacking SSL sessions -Chris Evans & Billy Rios, Google, Microsoft
Flash XSS - Rich Cannings, Google
Malicious origami in PDF -Fredric Raynal, Guillaume Delugre
Security for Virtual and Physical Server Environment -Akiko Takahashi, SCS
Living in the RIA World (Flash/Air, Silverlight, Gears, Prism, BrowserNow, HTML5) -David Thiel, iSec
Understanding Cross-Domain Models and Threats -Peleus Uhley, Adobe
Gaining access through Kerberos -Emmanuel Bouillon
A new web attack vector: Script Fragmentation -Stephan Chenette, WebSense
Countermeasure to SSH Brute Force Attack according to behaviour -Tetsuo Handa, NTT Data
Advances in Automated Attack Planning -Carlos Sarraute & Alejandro David Weil, Core
Inside "Winnyp", Winnyp Internals and Concepts of Network Crawling -Toshiaki Ishiyama, Fourteenforty

PacSec 2007

Programmed I/O accesses: a threat to virtual machine monitors? -Loic Duflot
Developing Fuzzers with Peach -Michael Eddington, Leviathan Security
Cyber Attacks Against Japan -Hiroshi Kawaguchi, LAC
Windows Localization: Owning Asian Windows Versions -Kostya Kortchinsky,Immunity
TOMOYO Linux -Toshiharu Harada, NTT Data
IPV6 Demystified -Jun-ichiro itojun Hagino , IPv6Samurais
Automated JavaScript Deobfuscation -Alex Rice, Websense Security Labs
Enter Sandman (why you should never go to sleep) -Nicolas Ruff & Matthieu Suiche, EADS
Agent-oriented SQL Abuse -Fernando Russ & Diego Tiscornia, Core
Bad Ideas: Using a JVM/CLR for Intellectual Property Protection -Marc Schoenefeld, University of Bamberg
Heap exploits are dead. Heap exploits remain dead. And we have killed them.-Nicolas Waisman, Immunity
Deploying and operating a Global Distributed Honeynet -David Watson, Honeynet Project
Office 0days and the people who love them -Microsoft

PacSec 2006

Smashing Heap by Free Simulation - Sandip Chaudhari
Methods of increasing source code security automatically - Ben Chelf, Coverity
IPTV: Triple Play Triple Threats - YM Chen, McAfee
Mobile IPV6, Les Problemes - Arnaud Ebalard & Guillaume Valadon, EADS, University of Tokyo
Threats against and protection of Microsoft's internal network - Greg Galford, Microsoft
How to secure a networking stack: IPv6 and NetIO - Abolade Gbadegesin, Microsoft
On XSRF(Cross Site Request Forgery) and why you should care - Martin Johns, University of Hamburg
Linux Kernel == Security Nightmare - Marcel Holtmann, Red Hat
hacking fingerprint recognition systems- Jan Krissler, Fraunhofer Institute
OpenOffice/OpenDocument and MS OpenXML security - Philippe Lagadec, CELAR
The Malware Landscape - Adam Overton & Jeff Williams, Microsoft
Strong cryptographic payload obfuscation and encryption - Ariel Waissbein, Core Security Technologies
Undermining Security in Vista WCF - Marc Schoenefeld
Evolving Windows Shellcode - Masaki Suenaga Symantec Security Response Tokyo
IPV6 Mapping - Yuji Ukai, eeye
MSKK Security Fundamentals - Yuji Okuten, Microsoft

PacSec 2005

Andrea Barisani - Gentoo
Building a modern LDAP based security framework.
C├ędric "Sid" Blancher - EADS
- WiFi traffic injection based attacks
Javier Burroni - CORE SDI
Using Neural Networks for remote OS identification
Maximillian Dornseif - Laboratory for Dependable Distribute Systems
Watching hackers hack - attack visualization
van Hauser - thc
Attacking the IPv6 protocol suite
Adam Jacobs - Oracle
Commercial Software and How Can We Fix It)?
Chris Jordan - Endeavor Security
Writing Better Intrusion Prevention Signatures
Hiroshi Shinotsuka - Symantec
Advances in trojan threats
Ilja van Sprundel - Suresec
Unix Kernel Auditing
Mark Uemura
Fault Redundant IPV6 Wireless Firewalls
Yuji Ukai - eeye
Exploiting Real-Time OS Based Embedded Systems Using the JTAG Emulator
Christian Wieser - Oulu University Secure Programming Group
VoIP: SIP robustness and RTP security

PacSec 2004

George Kurtz -
Google Hacking: Searching for ways to stop hackers.
Shane "K2" Macaulay & Dino Dai Zovi - Bloomberg
Wireless vulnerabilities from rogue access points
Nico Fischbach - COLT
Voice Over IP Security
Maximillian Dornseif -
0wn3d by an iPod: Firewire/1394 Issues
Nico Fischbach & Toby Kohlenberg
Best methods for detecting anomalies in global networks
David Meltzer -
Hybrid approaches for optimized network discovery
Nicolas Brulez -
Windows virus executable file infections and heuristic detection
Ivan Arce - CORE SDI
Analyzing exploit code quality.
Hiroaki Eto
Stack Protection Systems (ProPolice, XP SP2...)
Laurent Oudot -
Countering Attack Deception Techniques
Greg Smith
Security Tutorial for Administrators
Ejovi Nuwere
Inside Jyukinet: The Audit

PacSec 2003

Lance Spitzner - Honeypot Technologies Inc.
Honeypot technology
Richard Forno - Former InterNIC CSO -
Incident Response
Nicolas Fischbach - COLT Telecom -
Secure Network Infrastructure Deployment
Jose Nazario - Arbor Networks -
Is the future so bleak? An analysis of proposed worm futures
FX - Phenoelit -
Cisco Vulnerabilities: The Past, The Present, and The Future
Jun-ichiro itojun Hagino - Internet Initiative Japan Inc. -
IP Version 6 Security Considerations
Marty Roesch - Sourcefire -
Passive network reconnaissance and intrusion data analysis
Ivan Arce & Gerardo Richarte - Core SDI -
State of the Art Security from an Attacker's Viewpoint.
Dave Aitel - Immunity Inc. -
Modern Exploit Shellcode Generation and Attack Techniques
Theo DeRaadt - OpenBSD -
Advances in OpenBSD
Tom Vogt - SELinux -
Security Enhanced Linux Architecture and Applications