All Articles

Bruh! Do you even diff?—Diffing Microsoft Patches to Find Vulnerabilities

Posted by pritha on April 3, 2016 at 7:37pm

Bruh! Do you even diff?—Diffing Microsoft Patches to Find Vulnerabilities

Ever wondered how to find bug fixes residing in Microsoft patches? In this presentation we will take a look at the tools and techniques used to reverse engineer Microsoft security patches. Many organizations take weeks to push out patches to their domains. If an attacker can locate the fix and get a working exploit going, they can use it to compromise your organization.

Speaker

Stephen Sims (@steph3nsims)

Security Researcher, SANS Institute

Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Sims currently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling and penetration testing. Sims has an M.S. in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute, having written courses on exploit development and penetration testing. He is a Co-Author of Gray Hat Hacking 4th Edition. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications. In his spare time Stephen enjoys snowboarding and writing music.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

8669803085?profile=original

Views: 280
Votes: 0
E-mail me when people leave their comments –
Follow
Posted by pritha

Community Head, CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

Read More

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

Jun 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
Virtual
  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

6 City Round Table On "New Guidelines & CISO Priorities for 2025" (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

Dec 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
India
  • Description:

    We are pleased to invite you to an exclusive roundtable series hosted by CISO Platform in partnership with FireCompass. The roundtable will focus on "New Guidelines & CISO Priorities for 2025"

    Date: December 1st - December 31st 2025

    Venue: Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata

    >> Register Here

  • Created by: Biswajit Banerjee

Fireside Chat With Sandro Bucchianeri (Group Chief Security Officer at National Australia Bank Ltd.)

Jan 10, 2026 from 4:30pm to 5:00pm
Online
  • Description:

    We’re excited to bring you an insightful fireside chat with Sandro Bucchianeri (Group Chief Security Officer at National Australia Bank Ltd.) and Erik Laird (Vice President - North America, FireCompass). 

    About Sandro:

    Sandro Bucchianeri is an award-winning global cybersecurity leader with over 25…

  • Created by: Biswajit Banerjee
  • Tags: ciso, sandro bucchianeri, nab