John McIntosh
A security researcher @clearseclabs who is passionate about learning and sharing knowledge on various aspects of information security. He has a keen interest in binary analysis, patch diffing, and vulnerability discovery. He is the creator of several open-source security tools and also blogs regularly about his research projects and experiments with Ghidra and patch diffing. You can follow him on Twitter @clearbluejar or visit his website https://clearbluejar.github.io.
@clearbluejar
What is your Mastodon ID? –Session
The goal of this workshop is to teach participants how to use patch diffing techniques to analyze real-world vulnerabilities in Microsoft Windows via (CVE-2023-28308) and Android via (CVE-2022-36934). The main point of the workshop is to help researchers understand that they already have the information and tools needed to understand complex vulnerabilities. By learning to patch diff "in the dark", a researcher can progress from knowing about a vulnerability to actually understanding its root cause.