In this presentation Stephen will briefly cover the methodology andtools used to perform Microsoft patch analysis before jumping into livedemonstrations. We will take a real-world Microsoft patch from 2014 andanalyze it to determine the location of the vulnerability. The majorityof patched vulnerabilities are privately disclosed to Microsoft. Beingable to reverse engineer them with the goal of writing a working exploitcan be almost as valuable as a 0-day due to the time it takesorganizations to patch their systems.