John Mac
An independent security researcher in Canada who is passionate about learning and sharing knowledge on various aspects of information security. He has a keen interest in binary analysis, patch diffing, and vulnerability discovery. He is the creator of several open-source security and InfoSec tools and also blogs regularly about his research projects and experiments with Ghidra and Jupyter Notebooks. You can follow him on Twitter @clearbluejar or visit his website https://clearbluejar.github.io.
Sessions
The goal of this workshop is to teach participants how to use patch diffing techniques to analyze real-world vulnerabilities in Microsoft Windows via (CVE-2023-28302) and Android via (CVE-2022-36934). The main point of the workshop is to help researchers understand that they already have the information and tools needed to understand complex vulnerabilities. By learning to patch diff "in the dark", a researcher can progress from knowing about a vulnerability to actually understanding its root cause.