John McIntosh
John McIntosh, @clearbluejar, is a security researcher at Clearseclabs. His area of expertise lies within reverse engineering and offensive security, where he demonstrates proficiency in binary analysis, patch diffing, and vulnerability discovery. Notably, John has developed multiple open-source security tools for vulnerability research, all of which are accessible on his GitHub page.
Additionally, his website, https://clearbluejar.github.io/, features detailed write-ups on reversing recent CVEs and building RE tooling with Ghidra. Boasting over a decade of experience in offensive security, John is a distinguished presenter and educator at prominent security conferences internationally. He maintains a fervent commitment to sharing his latest research, acquiring fresh perspectives on binary analysis, and engaging in collaborative efforts with fellow security enthusiasts.
Sessions
Elevate your cybersecurity workflow with Ghidra’s robust support for command line tools in this immersive, hands-on workshop. Tailored for developers and security analysts, you'll be guided through setting up a high-performance development environment using the Ghidra Python VSCode Devcontainer. Learn how to automate repetitive tasks, create custom analysis scripts, and integrate Ghidra's cutting-edge decompilation and disassembly features—complete with full debugging support right in VS Code.
The session begins with the fundamentals, introducing you to custom CLI tool development through simple, practical examples. As you build on this foundation, the workshop culminates in a hands-on exercise where you will develop a Python3 Model Context Protocol (MCP) server compatible with Claude AI and other LLM clients. This dynamic MCP server acts as an interface for automating Ghidra tasks via natural language commands, paving the way for LLM-assisted reverse engineering. By the end of this workshop, you'll have firsthand experience building an MCP server, working with Ghidra's powerful program API, and gaining a deeper understanding of how LLMs can streamline automation and enhance your reverse engineering processes.
Patch Tuesday has been reverse engineered. Automated CVE diffing is here. Don't guess what next month's security updates contain, just see them. In this talk, we are going to show you how to pry open the black box of Patch Tuesday.