Épisodes

  • Secret Herbs, Spices and Hacking Copilot Studio

    Secret Herbs, Spices and Hacking Copilot Studio
    Feb 19 2025
    In this episode of The BlueHat Podcast, host Nic Fillingham is joined by Scott Gorlick, Security Architect for Power Platform at Microsoft. Scott shares his unconventional journey into cybersecurity, from managing a KFC to driving big rigs before landing in tech. He dives into security research in Copilot Studio, discussing how AI models interact with security frameworks and how researchers can approach testing these systems. We also explore his recent training video on YouTube, which provides guidance for security researchers looking to engage with Microsoft’s bug bounty program. In This Episode You Will Learn: What Scott does to ensure Power Platform applications remain governable and secure Why security and software quality go hand in hand in modern development. How security researchers can explore vulnerabilities in Microsoft's low-code AI development platform Some Questions We Ask: What kinds of security issues should researchers focus on in Copilot Studio? Can Copilot help researchers write better reports, especially in different languages? How can researchers get access to Copilot Studio? Is there a free version? Resources: View Scott Gorlick on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Security Research in Copilot Studio Overview and Training on YouTube Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts
    Voir plus Voir moins
    44 min
  • Automating Dynamic Application Security Testing at Scale

    Automating Dynamic Application Security Testing at Scale
    Feb 5 2025
    In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Jason Geffner, Principal Security Architect at Microsoft, to discuss his groundbreaking work on scaling and automating Dynamic Application Security Testing (DAST). Following on from his BlueHat 2024 session, and outlined in this MSRC blog post, Jason explains the key differences between DAST, SAST, and IAST, and dives into the challenges of scaling DAST at Microsoft’s enterprise level, detailing how automation eliminates manual configuration and improves efficiency for web service testing. In This Episode You Will Learn: Overcoming the challenges of authenticated requests for DAST tools The importance of API specs for DAST and how automation streamlines the process Insights into how Microsoft uses DAST to protect its vast array of web services Some Questions We Ask: What's a lesson from this work that you can share with those without Microsoft's resources? Can you explain what the transparent auth protocol is that you mentioned in the blog post? How is your work reducing the manual effort needed to configure DAST system services? Resources: View Jason Geffner on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Blog Post: Scaling Dynamic Application Security Testing (DAST) | MSRC Blog Related BlueHat Session Recording: BlueHat 2024: S10: How Microsoft is Scaling DAST Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts
    Voir plus Voir moins
    46 min
  • Refactoring the Windows Kernel with Joe Bialek

    Refactoring the Windows Kernel with Joe Bialek
    Jan 22 2025
    In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by BlueHat 2024 presenter Joe Bialek, a security engineer at Microsoft with over 13 years of experience. Joe shares his fascinating journey from intern to red team pioneer, recounting how he helped establish the Office 365 Red Team and pushed the boundaries of ethical hacking within Microsoft. He discusses his formative years building sneaky hacking tools, navigating the controversial beginnings of red teaming, and transitioning to the Windows Security Team to focus on low-level security and mitigations. Joe reflects on the challenges of internal hacking, the human reactions to being "hacked," and the value of strengthening defenses before external threats arise. In This Episode You Will Learn: How Microsoft is developing tooling to identify and address bad programming patterns Why kernel-related discussions are primarily focused on Windows and driver developers The challenges developers face when reading and writing through pointers in C or C++ Some Questions We Ask: How does working with the Windows kernel impact system security and performance? What sets Windows kernel and driver development apart from other types of development? Why should internal teams test systems for vulnerabilities before external hackers? Resources: View Joe Bialek on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn BlueHat 2024 Session: Pointer Problems – Why We’re Refactoring the Windows Kernel Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks  Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
    Voir plus Voir moins
    47 min
  • Defending Against NTLM Relay Attacks with Rohit Mothe and George Hughey

    Defending Against NTLM Relay Attacks with Rohit Mothe and George Hughey
    Jan 8 2025
    In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone welcome back George Hughey and Rohit Mothe from the Microsoft Security Response Center (MSRC) to discuss their latest blog post on mitigating NTLM relay attacks by default. George and Rohit explain their roles in vulnerability hunting and delve into NTLM, a 40-year-old authentication protocol, outlining its vulnerabilities and the risks of relay attacks, which function as a type of man-in-the-middle exploit. They highlight Microsoft's move to a "secure by default" approach, ensuring mitigations like channel binding are enabled automatically, providing stronger protections across services like Exchange, Active Directory Certificate Services (ADCS), and LDAP. In This Episode You Will Learn: Steps users can take to enhance security in their environments Why legacy protocols remain a challenge and what the future might hold The challenges and successes of improving authentication security Some Questions We Ask: What is an NTLM relay attack, and how does it work? Can you explain channel binding and its role in preventing NTLM relay attacks? What challenges arise from modernizing authentication in complex environments? Resources: View George Hughey on LinkedIn View Rohit Mothe on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts
    Voir plus Voir moins
    40 min
  • Navigating AI Safety and Security Challenges with Yonatan Zunger [Encore]

    Navigating AI Safety and Security Challenges with Yonatan Zunger [Encore]
    Dec 25 2024
    Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses. In This Episode You Will Learn: How predictive AI anticipates outcomes based on historical data The difficulties and strategies involved in making AI systems safe and secure from misuse How role-playing exercises help developers understand the behavior of AI systems Some Questions We Ask: What distinguishes predictive AI from generative AI? Can generative AI be used to improve decision-making processes? What is the role of unit testing and test cases in policy and AI system development? Resources: View Yonatan Zunger on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts
    Voir plus Voir moins
    54 min
  • Johann Rehberger on Researching AI & LLM Attacks

    Johann Rehberger on Researching AI & LLM Attacks
    Dec 11 2024
    In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Johann Rehberger, security expert and Red Team director at Electronic Arts. Johann shares his career journey through roles at Microsoft, Uber, and EA, highlighting his expertise in red teaming and cybersecurity. Johann shares the inspiration behind his book on Red Team strategies and discusses his BlueHat 2024 talk on prompt injection vulnerabilities, a critical and evolving AI security challenge. Johann breaks down the distinction between prompt injection and jailbreaking, offering insights into the potential risks, including data exfiltration and system unavailability, and emphasizes the importance of securing Red Teams themselves. In This Episode You Will Learn: Why AI tools should have stricter default settings to control what kind of outputs they generate The importance of reading technical documentation to understand how AI systems are built Why developers should implement stronger filters for what tokens are allowed to be emitted by LLMs Some Questions We Ask: How are prompt injection and SQL injection similar, and how are they different? What is AI spyware, and how does it exploit memory tools in ChatGPT? Does AI jailbreaking access the LLM’s core system like iPhone jailbreaking does the OS? Resources: View Johann Rehberger on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts
    Voir plus Voir moins
    49 min
  • BlueHat 2024 Day 2 Keynote: Amanda Silver, CVP Microsoft Developer Division

    BlueHat 2024 Day 2 Keynote: Amanda Silver, CVP Microsoft Developer Division
    Nov 27 2024
    In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone present an insightful address by Corporate Vice President and Head of Product for Microsoft's Developer Division, Amanda Silver. Amanda discusses the importance of securing the software supply chain and Microsoft's efforts to protect the open-source ecosystem. She introduces the Secure Software Supply Chain Consumption Framework (S2C2F), a model for tracking and defending against vulnerabilities in open-source dependencies. Silver highlights tools like Dependabot and improvements in NuGet to help developers address security issues seamlessly. She also shares a case study on the "XZ" supply chain attack, underscoring the need for a security mindset in tech culture. Silver closes by urging listeners to adopt a proactive approach to cybersecurity, emphasizing that attacks are inevitable. Resources: View Amanda Silver on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
    Voir plus Voir moins
    46 min
  • BlueHat 2024 Day 1 Keynote: Chris Wysopal AKA Weld Pond

    BlueHat 2024 Day 1 Keynote: Chris Wysopal AKA Weld Pond
    Nov 13 2024
    In episode 41 of The BlueHat Podcast we bring you the BlueHat 2024 day 1 keynote address given by Chris Wysopal, also known as Weld Pond, founder and Chief Security Evangelist at VeraCode, and founding member of the L0pht. Chris’ talk - A Clash of Cultures Comes Together to Change Software Security - recounts the early days of “hacking” and how the industry evolved to embrace vulnerability discovery and coordinated, responsible disclosure. Chris presentation provides a fascinating reflection on a tumultuous period for Microsoft around 2001, marked by significant vulnerability discoveries, which ultimately led to the establishment of the Organization for Internet Safety and the consultancy AtStake, transforming the security landscape and professionalizing the role of hackers. Watch Chris’ BlueHat 2024 Day 1 Keynote here: https://youtu.be/w6SAqT4ZQik Resources: View Chris Wysopal on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts
    Voir plus Voir moins
    48 min