Persist It - Using and Abusing Microsoft's Fix It Patches
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the intricacies of Microsoft's Fix It patches in this Black Hat Asia 2014 conference talk. Delve into the analysis of in-memory patches and their role in preventing exploitation. Learn how to extract valuable information from these patches to gain insights into vulnerabilities Microsoft aims to address. Discover techniques for reverse engineering patches and leveraging this knowledge to maintain system persistence. Examine real-world cases, such as the XML Core Services bug, and understand the structure of Application Compatibility Databases. Gain hands-on experience with tools like the Application Compatibility Toolkit and custom utilities for patch installation. Follow along as the speaker demonstrates the process of creating and configuring sample targets, debugging, and manipulating the shim engine. Enhance your understanding of Microsoft's security measures and potential vulnerabilities in this comprehensive exploration of Fix It patches.
Syllabus
Introduction
About the speaker
Slides
What are Fix It Patches
Secrets of the Application Compatibility Database
Mark Badgett
Tools
Application Compatibility Toolkit
svtoxml
cdd
spinst
registry locations
my tool for installing
real world cases
XML Core Services bug
Fix It
Reverse Engineering
High Level View
Pseudo Code
Documentation
Git Tag Structure
Uninitialized Data
Displaying Patches
IDA
Required Information
Config Files
Sample Target
Sample Configuration
Run Sample Target
Create Process Internal
Debug View
Config File
Load Explorer into IDE
Shell Code
Disable shim engine
Search for sap files
References
Questions
Taught by
Black Hat
Related Courses
Malware Analysis: Identifying and Defeating Packing (Pluralsight)
Malware Analysis: Identifying and Defeating Code Obfuscation (Pluralsight)
Getting Started with Reverse Engineering (Pluralsight)
Reverse Engineering: IDA For Beginners (Udemy)
Malware Analysis and Reverse Engineering Course (YouTube)