Just a few highlights from the CanSecWest 2006 conference:
Julien Tinnes presented on HIPS evasion and released the SLIPFEST toolkit for HIPS evaluation.
Dennis Cox presented on common flaws in network security devices, particularly inline systems such as routers, switches, and intrusion prevention systems. His slides should be available from the CanSecWest.com web site sometime soon.
Nico Fischbach presented on the state of VoIP carrier security, leaving most of the audience cringing in horror.
Halvar Flake presented on finding and exploiting bugs involving uninitialized variables, inspiring me to take another look at MS02-018. He uses some really fun tricks to figure out what stack space overlaps between function calls.
Matt Murphy and I developed a quick browser CSS fuzzer and presented it during a two-minute lightning talk at the end of the day.
Major Malfunction presented on some really cool tricks involving magnetic strips (credit cards, hotel keys, boarding passes...).
Eric Byres (and colleagues) presented on common flaws in SCADA equipment and demonstrated a nifty testing tool called Achilles.
The complete list of CanSecWest presentations can be found HERE