Reverse Engineering Patch Tuesday
John McIntosh
44CON 2024 · Day 1 · Main
In his 44CON talk "Reverse Engineering Patch Tuesday," John McIntosh, a Security Researcher at C Labs, presented a method for extracting "binary truth" from Microsoft's monthly security updates. Building on his prior work with tools like `Griff` and the "CVE North Stars" tutorial, McIntosh demonstrated how security researchers and defenders can move beyond high-level vulnerability descriptions to understand the precise code changes implemented in patches. The talk is a call to action for deeper, self-reliant analysis, and provides the techniques and tools needed to dissect Microsoft's security fixes.
AI review
McIntosh delivers a technically grounded, tool-backed methodology for automating patch diffing at scale against Patch Tuesday releases — real work, real tooling, real results. The 67% CVE-to-binary mapping rate is an honest, quantified claim, which immediately separates this from the usual hand-wavy research theater. Not a world-shaker, but exactly the kind of practitioner-grade engineering talk that makes a conference worth attending.