Hiding in Plain Sight – Taking Control of Windows Patches

SecTor 2016

Presented by: Travis Smith
Date: Wednesday October 19, 2016
Time: 14:40 - 15:40
Location: 801A
Track: Tech

On the second Tuesday of every month, Windows administrators stand ready to deploy the swarm of patches issues by Microsoft addressing new vulnerabilities found on mission-critical systems. Although this patch management routing may have system admins feeling overwhelmed, Patch Tuesdays are expected, allowing them to plan accordingly for the maintenance windows. But IT organizations are not the only ones on standby – these expected changes also grant attackers the opportunity to hide their malicious intent in an abundance of patches. This session will demonstrate how an attacker can exploit a gap in the information provided by Microsoft, in order to bypass security products intended to validate the integrity of patches on Windows systems. As part of this talk, free tools and resources to enable organizations to defend against such an attack will be made available.

Links

Travis Smith

Travis is a security researcher at Tripwire. With over 10 years of experience in information security, he specializes in defensive counter-measures with a passion for forensics and security analytics.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats