John McIntosh


An independent security researcher in Canada who is passionate about learning and sharing knowledge on various aspects of information security. He has a keen interest in binary analysis, patch diffing, and vulnerability discovery. He is the creator of several open-source security and InfoSec tools and also blogs regularly about his research projects and experiments with Ghidra and Jupyter Notebooks. You can follow him on Twitter @clearbluejar or visit his website

Talks (Eastern Timezone)

Winbindex Oracle - Predicting Windows Binary Download Links with Jupyter Notebooks

Microsoft's public symbol server makes individual Windows binaries available for direct download to support debugging. Winbindex is an open-source project that indexes these download links for Windows OS binaries. It generates the links by parsing the binaries themselves, since a link can be constructed once specific attributes of a binary (build date, hash, etc.) are known. For a security researcher, being able to download an arbitrary Microsoft binary at a specific version enables research techniques such as patch diffing. What if these links could be generated without having to download the actual binaries? What if we could create a Winbindex oracle? Come find out how we can combine partial file information from Microsoft Update Manifest Files and leverage Jupyter Notebooks to predict file download links to enable security research.
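As an added example (not Winbindex's own code), the Python below reads the two PE header fields the symbol-server download convention is keyed on, TimeDateStamp and SizeOfImage, and assembles the link from them. The URL layout is the public symbol-server convention as I understand it, and the PE header bytes are constructed for the demonstration, not a real Windows file.

```python
import struct

# Microsoft public symbol server base URL (assumed from the symbol-server convention)
SYMBOL_SERVER = "https://msdl.microsoft.com/download/symbols"


def pe_link_key(timestamp: int, size_of_image: int) -> str:
    # Key for executables: TimeDateStamp as 8 hex digits, then SizeOfImage in hex, unpadded
    return f"{timestamp:08X}{size_of_image:X}"


def symbol_server_link(filename: str, timestamp: int, size_of_image: int) -> str:
    # Layout: <server>/<filename>/<key>/<filename>
    return f"{SYMBOL_SERVER}/{filename}/{pe_link_key(timestamp, size_of_image)}/{filename}"


def parse_pe_attributes(data: bytes) -> tuple[int, int]:
    # Minimal header walk: MZ stub -> e_lfanew -> "PE\0\0" -> COFF header -> optional header
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    timestamp = struct.unpack_from("<I", data, coff + 4)[0]          # COFF TimeDateStamp
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    if size_of_optional < 60:
        raise ValueError("optional header too short to hold SizeOfImage")
    opt = coff + 20
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]      # same offset in PE32 and PE32+
    return timestamp, size_of_image


def build_sample_pe(timestamp: int, size_of_image: int) -> bytes:
    # Constructed, minimal PE32+ header (not a real Windows binary), just enough for the parser above
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)            # PE32+ magic
    struct.pack_into("<I", opt, 56, size_of_image)   # SizeOfImage
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def link_from_bytes(filename: str, data: bytes) -> str:
    timestamp, size_of_image = parse_pe_attributes(data)
    return symbol_server_link(filename, timestamp, size_of_image)
```

The oracle idea in the abstract replaces `parse_pe_attributes` with values recovered from update manifests, so the rest of the pipeline stays unchanged.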