{"version":"1.0","type":"rich","provider_name":"Acast","provider_url":"https://acast.com","height":250,"width":700,"html":"<iframe src=\"https://embed.acast.com/$/64ac54ede55ebb0011cb41b1/686c4a8b7254eb13351994c1?\" frameBorder=\"0\" width=\"700\" height=\"250\"></iframe>","title":"Hunting Variants: Finding the Bugs Behind the Bug","description":"<p>In this episode of The BlueHat Podcast, host <a href=\"https://www.linkedin.com/in/nicfill/\" rel=\"noopener noreferrer\" target=\"_blank\">Nic Fillingham</a> is joined by <a href=\"https://www.linkedin.com/in/ghughey/?utm_source=chatgpt.com\" rel=\"noopener noreferrer\" target=\"_blank\">George Hughey</a> from Microsoft, who returns to discuss his BlueHat India talk on variant hunting, explaining how MSRC uses submission data from hacking competitions like Pwn2Own and Tianfu Cup to uncover additional security vulnerabilities in Windows. George shares how incentives in competitions differ from bug bounty programs, how tools like CodeQL assist variant hunting, and why collaborating with the security research community is key to improving Windows security.</p><p><strong>In This Episode You Will Learn:</strong></p><ul><li>How hacking competitions help find real-world Windows vulnerabilities</li><li>The role of MSRC in hunting variants beyond submitted vulnerabilities</li><li>Why fuzzing is not always effective for modern edge cases</li></ul><p><strong>Some Questions We Ask:</strong></p><ul><li>How do you decide which cases to pursue for variant hunting?</li><li>What advice do you have for researchers submitting variants?</li><li>How does the CodeQL team collaborate with your team?</li></ul><p><strong>Resources:</strong></p><p><a href=\"https://www.linkedin.com/in/ghughey/?utm_source=chatgpt.com\" rel=\"noopener noreferrer\" target=\"_blank\">View George Hughey on LinkedIn</a></p><p><a href=\"https://www.linkedin.com/in/wendyzenone/\" rel=\"noopener noreferrer\" target=\"_blank\">View Wendy Zenone on LinkedIn</a></p><p><a href=\"https://www.linkedin.com/in/nicfill/\" rel=\"noopener noreferrer\" target=\"_blank\">View Nic Fillingham on LinkedIn</a></p><p><strong>Related Microsoft Podcasts:</strong></p><ul><li><a href=\"https://msthreatintelpodcast.com/\" rel=\"noopener noreferrer\" target=\"_blank\">Microsoft Threat Intelligence Podcast</a></li><li><a href=\"https://afternooncybertea.com/\" rel=\"noopener noreferrer\" target=\"_blank\">Afternoon Cyber Tea with Ann Johnson</a></li><li><a href=\"https://uncoveringhiddenrisks.com/\" rel=\"noopener noreferrer\" target=\"_blank\">Uncovering Hidden Risks</a></li></ul><p>Discover and follow other Microsoft podcasts at <a href=\"https://news.microsoft.com/podcasts/\" rel=\"noopener noreferrer\" target=\"_blank\">microsoft.com/podcasts</a></p>","author_name":"Microsoft"}