# John McIntosh

::::{grid} 2 2 2 2

:::{grid-item}
:columns: 4

```{image} ../images/speakers/JohnMac.png
:class: m-auto circular
:height: 300px
:width: 300px
```

:::

:::{grid-item}
:columns: 7
:child-align: center
John McIntosh is an independent security researcher in Canada who is passionate about learning and sharing knowledge on various aspects of information security. He has a keen interest in binary analysis, patch diffing, and vulnerability discovery. He is the creator of several open-source security and InfoSec tools and blogs regularly about his research projects and experiments with Ghidra and Jupyter Notebooks. You can follow him on Twitter @clearbluejar or visit his website https://clearbluejar.github.io.
:::

::::

## Talks (Eastern Timezone)

| Title | Abstract | Date | Time |
| ----- | -------- | ---- | ---- |
| Winbindex Oracle - Predicting Windows Binary Download Links with Jupyter Notebooks | Microsoft provides the ability to download individual binaries directly from Microsoft to support debugging via a public symbol server. Winbindex is an open-source project that indexes these download links for Windows OS binaries. Winbindex can generate these links by parsing Microsoft binaries, as links can be generated if specific attributes of a binary (build date, hash, etc.) are known. As a security researcher, having the ability to download an arbitrary Microsoft binary with a specific version enables research techniques such as patch diffing. What if these links could be generated without having to download the actual binaries? What if we could create a Winbindex oracle? Come find out how we can combine partial file information from Microsoft Update Manifest Files and leverage Jupyter Notebooks to predict file download links to enable security research. | 2024-02-16 | 14:45 |
