Patch Pwnage: Ripping Apart Microsoft Patches to Build Exploits

  • Wednesday, 08 Oct 2014 2:00AM EDT (08 Oct 2014 06:00 UTC)
  • Speaker: Stephen Sims

In this presentation Stephen will briefly cover the methodology andtools used to perform Microsoft patch analysis before jumping into livedemonstrations. We will take a real-world Microsoft patch from 2014 andanalyze it to determine the location of the vulnerability. The majorityof patched vulnerabilities are privately disclosed to Microsoft. Beingable to reverse engineer them with the goal of writing a working exploitcan be almost as valuable as a 0-day due to the time it takesorganizations to patch their systems.