Obtaining 800,000 Windows Binaries via Windows Update — by Aliz Hammond
Updated: Dec 26, 2020
SINCON 2020 Conference Deep-Tech Track
Day 2 (3 Jan 2021)
@ Main Stage
This talk aims to document the process of building a system to enumerate, download, extract, and aggregate files from Microsoft's Windows Update server, primarily for the purposes of exploit research and QA. The talk will explain various challenges in extracting these files and approaches for storing the non-trivial amount of data involved, including those used by other projects to a similar end.
While obviously useful for those seeking to write better exploits for Windows systems, the talk will also be relevant for defenders wishing to generate comprehensive 'known-good' file lists, as well as those simply curious to pick through the resultant dataset to spot interesting anomalies (such as various files signed with certificates named some variation of 'TEST CERT').
The talk is intended to be useful to a broad audience, and so no prior knowledge of administering Windows Update nor of vulnerability research is assumed. An accompanying blog post goes into depth, and the associated code is to be released publicly to coincide with the talk.
About Aliz Hammond
ALIZ HAMMOND is a vulnerability researcher who mostly spends his time fuzzing and exploiting any software that is unfortunate enough to come within arm's reach. Aliz has also spent time as a defender, probing Windows in various ways to obtain early indications of otherwise-stealthy attackers, as well as spending time as a software developer and as a network administrator. This has left them with a broad skillset, enabling them to use non-typical resources and approaches to security-related topics.