Microsoftís Circle Of Life: Patch To Exploit presented at BlueHat 2007

by Lurene ( pusscat ) Grenier (Sourcefire ),

Tags: Security

Summary : This talk will outline a simple, repeatable procedure for turning Microsoft Tuesday patch releases into proof of concept exploits within a matter of hours. We will walk through each step, starting with information gathering and patch disassembly, and detailing how knowledge of systems and patching practices mixed with basic reverse engineering knowledge can result in quickly discovered vulnerabilities. Once the triggering conditions are discovered, we will discuss how hackers decide which vulnerabilities will be weaponized, and the speed with which hackers can do so with the metasploit framework.