Reversing Patches for Exploit Creation, Pen-Testing or Just Fun!

Expo Theatre (Hall G) October 23, 2012 - Feedback     

Bookmark and Share

Bharat Jogi

How many times have you wondered what really gets fixed inthe security patches released by vendors? Are you curious to find new vulnerabilities that could be introduced due to faulty patches? This talk will go over some basic reversing techniques that anyone can use to read what exactly gets fixed in patches. These techniques can be used to write your own exploit which can be helpful for pen-testing. Malware authors use similar techniques to create malware that targets unpatched systems. This is a fast and very cost effective approach and has been used extensively by malware authors. The talk will demonstrate how easy it is to reverse patches and will highlight the urgent need to apply patches to protect against such attacks.