The BlueHat Podcast

The Microsoft Security Response Center podcast. Hear from cyber security researchers, responders, hackers, and engineers from within and outside of Microsoft working to make the world a safer place for all.


Latest episode

  • 30. MSRC VP Tom Gallagher on 25 Years of Security at Microsoft

    31:38
    Tom Gallagher, VP of Engineering and head of MSRC, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. After nearly 25 years at Microsoft, Tom reflects on his early days at the company, where he started as a penetration tester on SharePoint, offering insights into the evolving landscape of cybersecurity since 1999. Tom shares a few different experiences from his journey, including auditing a local ISP's security in exchange for a job, and his transition from an intern working on Internet Explorer's rendering engine to key roles in Office and eventually MSRC. Through Tom's experiences, you’ll gain a unique perspective on Microsoft's cybersecurity evolution and the broader industry landscape.

    In This Episode You Will Learn:
      • A Clippy vulnerability that exemplifies the importance of external insights
      • How you can support teams when they find vulnerabilities in their code
      • Tom's experiences attending early Black Hat and DEFCON conferences

    Some Questions We Ask:
      • How does your experience as a bug hunter influence your role at MSRC?
      • Can you elaborate on the process of mitigating vulnerabilities quickly within SFI?
      • Will you explain Trustworthy Computing and its significance in Microsoft's history?

    Resources:
      • View Tom Gallagher on LinkedIn
      • View Wendy Zenone on LinkedIn
      • View Nic Fillingham on LinkedIn

    Related Microsoft Podcasts:
      • Microsoft Threat Intelligence Podcast
      • Afternoon Cyber Tea with Ann Johnson
      • Uncovering Hidden Risks

    Discover and follow other Microsoft podcasts at microsoft.com/podcasts

More episodes

  • 29. Educating the Future: Aaron Tng's Cybersecurity Blueprint

    32:51
    Aaron Tng, a Microsoft Student Ambassador and BlueHat Conference Speaker, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Aaron shares how his curiosity during the pandemic in 2020, sparked by the surge in cyber-attacks, propelled him into the world of cybersecurity. Through dedicated self-learning and leveraging resources like the Microsoft Learn website, Aaron achieved multiple certifications, laying the foundation for his expertise in cybersecurity.

    Aaron is also passionate about the impact of Cybersecurity on society and actively promoting K-12 Cybersecurity Awareness and Education. He unveils his comprehensive four-point plan, which encompasses fundamental courses, advanced studies, educator training, and real-life internship opportunities. Aaron emphasizes the importance of moving beyond surface-level internet safety education, advocating for a deeper understanding of secure coding and threat modeling.

    In This Episode You Will Learn:
      • The different resources utilized for Aaron’s cybersecurity education
      • Aspirations for the future of cybersecurity education
      • How Aaron founded a student-led nonprofit called Cyber Secure it

    Some Questions We Ask:
      • What challenges did you face presenting to the Washington State Board of Education?
      • How did you earn multiple cybersecurity certifications while still in high school?
      • Why do you believe it's crucial to move beyond surface-level internet safety?

    Resources:
      • View Aaron Tng on LinkedIn
      • View Wendy Zenone on LinkedIn
      • View Nic Fillingham on LinkedIn

  • 28. From Specs to Security

    33:38
    Dor Dali, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the BlueHat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers, and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities.

    In This Episode You Will Learn:
      • The unique perspective Dor has with RDP security research
      • How to approach security research when following the protocol specifications
      • The importance of clear documentation in preventing security vulnerabilities

    Some Questions We Ask:
      • How did you design and build the Capture the Flag event?
      • Did you face any unexpected hurdles while researching the RDP protocol's security?
      • Have you found other security vulnerabilities by closely adhering to protocol specifications?

    Resources:
      • View Dor Dali on LinkedIn
      • View Wendy Zenone on LinkedIn
      • View Nic Fillingham on LinkedIn

  • 27. Beyond the Code: Ethics and AI with Katie Paxton-Fear

    43:42
    Cyber Security Content Creator, Speaker & Ethical Hacker, Katie Paxton-Fear, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Katie holds a PhD in defense and security AI plus cybersecurity and works as an academic, teaching undergraduate students cybersecurity topics. She also runs a popular YouTube channel focused on bug bounty hunting, hacking, and pen testing. Katie shares her journey into cybersecurity and reflects on her initial interest in undeciphered languages and how it parallels her approach to cybersecurity, both involving a fascination with solving mysteries and uncovering hidden meanings.

    In This Episode You Will Learn:
      • Approaching AI systems with caution when translating less-documented languages
      • Concerns surrounding the use of copyrighted training data in AI systems
      • Recognizing and addressing AI system limitations and biases in real-world deployments

    Some Questions We Ask:
      • Can fine-tuning AI models prevent degradation and improve performance?
      • What are the ethical implications of putting sensitive information into AI systems?
      • How does relying on niche or obscure training data impact AI models?

    Resources:
      • View Katie Paxton-Fear on LinkedIn
      • View Wendy Zenone on LinkedIn
      • View Nic Fillingham on LinkedIn

  • 26. SaaS Exposed: Unmasking Cyber Risks in Cloud Integrations

    39:16
    Luke Jennings, VP of Research & Development at Push Security, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Luke explains his recent presentation on a new SaaS cyber kill chain, exploring how attackers might target modern organizations heavily reliant on cloud and SaaS services, even when traditional infrastructure is minimal. The latest kill chain involves developing attack techniques specific to this environment, covering topics like lateral movement without conventional network infrastructure and adapting known techniques such as password guessing attacks to the SaaS landscape. Luke, Wendy, and Nic discuss the complexities of SaaS security, the intricacies of evil twin integrations, detection challenges, mitigation strategies, and the overall impact of these security issues on organizations.

    In This Episode You Will Learn:
      • Identifying malicious activities and understanding normal application behavior
      • The importance of having structured methodologies for approving SaaS app usage
      • Challenges organizations face in detecting and preventing SaaS application threats

    Some Questions We Ask:
      • How can an organization create alerts for new, unknown SaaS app integrations?
      • What happens when a SaaS app integration is duplicated by an attacker?
      • Would having a structured methodology for SaaS app usage help minimize risk?

    Resources:
      • View Luke Jennings on LinkedIn
      • View Wendy Zenone on LinkedIn
      • View Nic Fillingham on LinkedIn

  • 25. Decoding Conference Proposals with Lea Snyder

    47:54
    Lea Snyder, Principal Security Engineer at Microsoft, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Lea is a security leader focused on security strategy and helping organizations mature their security posture and security programs, focusing on areas including IAM, product security, and risk management. Lea explains her unique role as a security architect, highlighting problem-solving across various domains within Microsoft. She shares her unconventional path to cybersecurity, starting with a background in economics and an MBA, and how she transitioned from IT roles to security. Lea, Wendy, and Nic discuss the importance of diverse backgrounds in the industry and offer advice on entering the cybersecurity field. Lea also discusses her involvement in community-driven conferences, particularly B-sides, highlighting their diverse and unique content.

    In This Episode You Will Learn:
      • Tips for submitting conference proposals
      • Challenges when balancing anonymity during a submission
      • The importance of a supportive approach in the conference submission process

    Some Questions We Ask:
      • Is there a typical anonymization process to ensure fairness and inclusivity?
      • What are some challenges when selecting talks that resonate with an audience?
      • Can you elaborate on the value behind B-sides conferences and the unique atmosphere?

    Resources:
      • View Lea Snyder on LinkedIn
      • View Wendy Zenone on LinkedIn
      • View Nic Fillingham on LinkedIn

  • 24. Securing the Past with Dustin Heywood

    41:53
    Dustin Heywood, Hacker, Researcher, and Senior Leader at IBM, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Dustin provided a live demonstration of cracking NTLM version 1 during his BlueHat presentation, showcasing the process of responding to challenges, using coercion techniques, and ultimately extracting and cracking the NTLM hash. Dustin, Nic, and Wendy discuss checking group policies, auditing every object, ensuring relevant systems, and managing IT assets effectively. They emphasize the importance of IT asset management and recommend quarantining legacy systems with restricted access.

    In This Episode You Will Learn:
      • Why security professionals need business skills for effective communication
      • Advice for auditing legacy systems with vulnerable protocols
      • Extracting DPAPI keys and decrypting browser session history

    Some Questions We Ask:
      • How do you manage risk for legacy systems deemed necessary for business?
      • Can you discuss some of the outdated protocols in current IT environments?
      • What guidance would you offer to IT professionals looking to audit their systems?

    Resources:
      • View Dustin Heywood on LinkedIn
      • View Wendy Zenone on LinkedIn
      • View Nic Fillingham on LinkedIn