{
	"id": "da63a7bf-64f1-4e54-bd7b-4d8b387e1557",
	"created_at": "2026-04-06T00:06:50.660674Z",
	"updated_at": "2026-04-10T13:12:18.436689Z",
	"deleted_at": null,
	"sha1_hash": "ad054f2a836e5abbd68aed35262c95129c7d1c4f",
	"title": "Microsoft Patch Analysis for Exploitation",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 73135,
	"plain_text": "Microsoft Patch Analysis for Exploitation\r\nBy Irongeek.com\r\nArchived: 2026-04-05 20:31:57 UTC\r\nSearch Irongeek.com:\r\nAffiliates:\r\nHelp Irongeek.com pay for bandwidth and research equipment:\r\nMicrosoft Patch Analysis for Exploitation\r\nStephen Sims\r\n@Steph3nSims\r\nBSidesCharm 2017\r\nhttp://www.bsidescharm.com\r\nSince the early 2000's Microsoft has distributed patches on the second Tuesday of each month. Bad guys, good guys, and\r\nmany in-between compare the newly released patches to the unpatched version of the files to identify the security fixes.\r\nMany organizations take weeks to patch and the faster someone can reverse engineer the patches and get a working exploit\r\nwritten, the more valuable it is as an attack vector. Analysis also allows a researcher to identify common ways that Microsoft\r\nfixes bugs which can be used to find 0-days. Microsoft has recently moved to mandatory cumulative patches which\r\nintroduces complexity in extracting patches for analysis. Join me in this presentation while I demonstrate the analysis of\r\nvarious patches and exploits, as well as the best-known method for modern patch extraction.\r\nStephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen\r\ncurrently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling,\r\nand penetration testing. Stephen has a MS in information assurance from Norwich University and is a course author and\r\nsenior instructor for the SANS Institute. He is the author of SANS' only 700-level course, SEC760: Advanced Exploit\r\nDevelopment for Penetration Testers, which concentrates on complex heap overflows, patch diffing, and client-side exploits.\r\nStephen is also the lead author on SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking. He holds the\r\nGIAC Security Expert (GSE) certification as well as the CISA, Immunity NOP, and many other certifications. In his spare\r\ntime Stephen enjoys snowboarding and writing music.\r\nhttps://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims\r\nPage 1 of 2\n\nEtt fel inträffade.\r\nDet går inte att köra JavaScript.\r\nBack to BSidesCharm 2017 list\r\nPrintable version of this article\r\n15 most recent posts on Irongeek.com:\r\nOISF 2023 Videos\r\nOISF 2022\r\nBrian Rea (DeviantOllam Deviant) and Lesley Carhart (Hacks4Pancakes) continue their harassment of me\r\nOSInt, Doxing And Cyberstalking Page Updated\r\nOISF 2021 Videos\r\nBSides Cleveland 2021 Videos\r\nWho's Your Hacker\r\nBSides Tampa 2020 Videos\r\nLouisville Infosec 2019 Videos\r\nBSidesCT 2019 Video\r\nGrrCON 2019 Videos\r\nBSidesSTL 2019 Videos\r\nDerbyCon 9 Videos\r\nOISF 2019 Videos\r\nBSides Cleveland 2019 Videos\r\nSource: https://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims\r\nhttps://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims"
	],
	"report_names": [
		"bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims"
	],
	"threat_actors": [],
	"ts_created_at": 1775434010,
	"ts_updated_at": 1775826738,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ad054f2a836e5abbd68aed35262c95129c7d1c4f.pdf",
		"text": "https://archive.orkl.eu/ad054f2a836e5abbd68aed35262c95129c7d1c4f.txt",
		"img": "https://archive.orkl.eu/ad054f2a836e5abbd68aed35262c95129c7d1c4f.jpg"
	}
}