The BlueHat Podcast

Rohit Mothe, Senior Security Researcher at Microsoft, and Windows Security professional George Hughey join Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. In this episode, they discuss integer overflow bugs, how they can be nuanced and often confused with other bug categories, why accurately classifying these bugs is crucial for developing effective strategies to fix them at scale, and examples of high-profile vulnerabilities caused by integer overflow.   In This Episode You Will Learn:      The challenges of accurately identifying integer overflow bugs  How developers can proactively prevent integer overflow vulnerabilities in their code  Why not all integer overflows are malicious and also necessary for certain applications    Some Questions We Ask:      What is an integer overflow?  How can developers mitigate the risk of integer overflow vulnerabilities?  What are some examples of high-profile exploits based on integer overflow vulnerabilities?  Resources:   View Rohit Mothe on LinkedIn View George Hughey on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn  Follow George on Twitter Follow Rohit on Twitter  Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information.

Rachel Giacobozzi, Principal Research Lead at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Rachel explains the importance of creating a cohesive story not only to convey what happened in an attack but also to explain its significance, why we need to start addressing phishing attacks through education and guidance, and how they make their content concise, clear, and understandable to a wide range of audiences.   In This Episode You Will Learn:      How threat intelligence be used to stay ahead of cyber attacks  Why being open to growth benefits both security candidates and employers  The concept of "telling stories" in threat intelligence   Some Questions We Ask:      What is the importance of actionable insights in threat intelligence?  How does the team behind threat intelligence stay updated with the latest trends?  What is the decision-making process for selecting which stories to tell?     Resources:   View Rachel Giacobozzi on LinkedIn View Nic Fillingham on LinkedIn View Wendy Zenone on LinkedIn  Send us feedback: bluehat@microsoft.com Follow us on Twitter: @MSFTBlueHat  Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information.

Raul Rojas, Principal Security Compliance Manager at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Raul manages and leads a team of information security professionals across application security, incident response, remediation, security data science & engineering. Raul discusses the importance of AI in various fields, such as healthcare, finance, and cybersecurity, the impact AI will have on privacy, and the need for regulations and governance frameworks to ensure responsible AI development and deployment.   In This Episode You Will Learn:      How the field of AI and machine learning in security is evolving  The value of integrating security principles and seeking input from the security community   Why the security community needs to develop new tools and processes for  AI and Data.    Some Questions We Ask:      Can you share an example of a successful project transition from research to production?  Are there already existing fundamentals in machine learning and AI security?  What are the potential risks of attackers manipulating AI and machine learning models?   Resources:   View Raul Rojas on LinkedIn View Nic Fillingham on LinkedIn View Wendy Zenone on LinkedIn  Send us feedback: bluehat@microsoft.com Follow us on Twitter: @MSFTBlueHat  Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information.

Dan Tentler, Executive Founder and CTO of Phobos Group, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Dan has a wealth of defensive and adversarial knowledge and a strong background in systems, networking, architecture, and wireless networks. Dan discusses his time at BlueHat 2023, why you should put everything behind a VPN, and how a typo and Jeff Goldblum's movie Hideaway helped create his current online handle.     In This Episode You Will Learn:      Why it's important to hold onto old techniques and knowledge   The premise and thoughts behind Dan’s 2023 BlueHat presentation  How people can still protect themselves with old security tools   Some Questions We Ask:      How did your security career start and grow into speaking at BlueHat 2023?  What tools and techniques were available in the beginning of your career?   What were some big takeaways from your presentation at BlueHat?     Resources:    View Nic Fillingham on LinkedIn View Wendy Zenone on LinkedIn  Send us feedback: bluehat@microsoft.com Follow us on Twitter: @MSFTBlueHat  Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information.

Cameron Vincent, a security researcher at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Cameron has been one of the top researchers for both Microsoft and Google programs numerous times. He now works on the V&M team within the MSRC side, dealing with security issues internally. Cameron discusses with Nic and Wendy the importance of understanding your role and responsibilities in the workplace, the first bug he ever submitted, and his time presenting at BlueHat 2023.   In This Episode You Will Learn:      The benefits of face-to-face communication and how to balance it with technology.  Why you should build a supportive culture of communication  How to get involved in the world of bug bounty hunting   Some Questions We Ask:      How do you manage and deal with stress and burnout from your work?  What are some practical ways to provide feedback to team members?  How can we improve communication in a remote work environment?    Resources:   Follow Cameron Vincent on Twitter Watch Cameron speak at BlueHat 2023  View Nic Fillingham on LinkedIn View Wendy Zenone on LinkedIn Send us feedback: bluehat@microsoft.comFollow us on Twitter: @MSFTBlueHat Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information.

James Forshaw, a security researcher at Google's Project Zero, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. James has been involved with computer hardware and software security for over ten years and has been listed as the number one researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. James is also the author of the book "Attacking Network Protocols" which is available from NoStarch Press. James discusses going after logic-based bugs, his time at BlueHat 2023, and how creativity and intuition help him while hunting for new bugs.     In This Episode You Will Learn:      Values and benefits of writing your own tooling  Why James decided on a high-level, call-to-action presentation for BlueHat 2023  The inspiration behind his new book “Attacking Network Protocols”   Some Questions We Ask:      Is there a sequence of events you follow when hunting for a logic vulnerability?  When should someone consider writing their own tools?  What advantages come to mind when writing your tooling for a new project?    Resources:   Watch James Forshaw at BlueHat 2023  View James Forshaw on LinkedIn View Nic Fillingham on LinkedIn View Wendy Zenone on LinkedIn Send us feedback: bluehat@microsoft.comFollow us on Twitter: @MSFTBlueHatDiscover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information.

David Weston, Vice President of Enterprise and OS Security at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. With over twenty years of experience in the industry, David has a deep knowledge of cybersecurity best practices and has been recognized as a thought leader. In addition to his work in cybersecurity, David also advocates for diversity and inclusion in the tech industry. He has been actively involved in initiatives to promote diversity in cybersecurity and has spoken about the need for greater diversity in the industry. David discusses with Nic the importance of having a comprehensive cybersecurity strategy, the value of creating a culture of cybersecurity within organizations, and why we need regular software updates and investing in cybersecurity tools.    In This Episode You Will Learn:      How organizations can create a culture of cybersecurity among their employees  The most effective ways to train employees on cybersecurity best practices  Tools and technologies that organizations can use to protect themselves   Some Questions We Ask:      How can organizations overcome some of their biggest challenges in security?   Can you share some common mistakes that organizations make regarding cybersecurity?  How do you see the cybersecurity landscape evolving in the coming years?    Resources:    View David Weston on LinkedIn View Nic Fillingham on LinkedIn View Wendy Zenone on LinkedIn Send us feedback: bluehat@microsoft.comFollow us on Twitter: @MSFTBlueHatDiscover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information.

Get ready for The BlueHat Podcast - A new security research-focused podcast from Microsoft featuring conversations with security researchers and industry leaders, both inside and outside of Microsoft. Hosted on Acast. See acast.com/privacy for more information.