The BlueHat Podcast

Microsoft
  • 4.0(11則評分)
  • 科技
  • 隔週更新
The BlueHat Podcast

Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all. 

  1. 1月8日

    Defending Against NTLM Relay Attacks with Rohit Mothe and George Hughey

    In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone welcome back George Hughey and Rohit Mothe from the Microsoft Security Response Center (MSRC) to discuss their latest blog post on mitigating NTLM relay attacks by default. George and Rohit explain their roles in vulnerability hunting and delve into NTLM, a 40-year-old authentication protocol, outlining its vulnerabilities and the risks of relay attacks, which function as a type of man-in-the-middle exploit. They highlight Microsoft's move to a "secure by default" approach, ensuring mitigations like channel binding are enabled automatically, providing stronger protections across services like Exchange, Active Directory Certificate Services (ADCS), and LDAP.     In This Episode You Will Learn:     Steps users can take to enhance security in their environments  Why legacy protocols remain a challenge and what the future might hold  The challenges and successes of improving authentication security      Some Questions We Ask:  What is an NTLM relay attack, and how does it work?  Can you explain channel binding and its role in preventing NTLM relay attacks?  What challenges arise from modernizing authentication in complex environments?         Resources:       View George Hughey on LinkedIn   View Rohit Mothe on LinkedIn   View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts

    40 分鐘

  2. 2024/12/25

    Navigating AI Safety and Security Challenges with Yonatan Zunger [Encore]

    Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses.      In This Episode You Will Learn:       How predictive AI anticipates outcomes based on historical data  The difficulties and strategies involved in making AI systems safe and secure from misuse  How role-playing exercises help developers understand the behavior of AI systems    Some Questions We Ask:        What distinguishes predictive AI from generative AI?  Can generative AI be used to improve decision-making processes?  What is the role of unit testing and test cases in policy and AI system development?    Resources:   View Yonatan Zunger on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts

    54 分鐘

  3. 2024/12/11

    Johann Rehberger on Researching AI & LLM Attacks

    In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Johann Rehberger, security expert and Red Team director at Electronic Arts. Johann shares his career journey through roles at Microsoft, Uber, and EA, highlighting his expertise in red teaming and cybersecurity. Johann shares the inspiration behind his book on Red Team strategies and discusses his BlueHat 2024 talk on prompt injection vulnerabilities, a critical and evolving AI security challenge. Johann breaks down the distinction between prompt injection and jailbreaking, offering insights into the potential risks, including data exfiltration and system unavailability, and emphasizes the importance of securing Red Teams themselves.      In This Episode You Will Learn:     Why AI tools should have stricter default settings to control what kind of outputs they generate  The importance of reading technical documentation to understand how AI systems are built  Why developers should implement stronger filters for what tokens are allowed to be emitted by LLMs    Some Questions We Ask:    How are prompt injection and SQL injection similar, and how are they different?  What is AI spyware, and how does it exploit memory tools in ChatGPT?  Does AI jailbreaking access the LLM’s core system like iPhone jailbreaking does the OS?         Resources:       View Johann Rehberger on LinkedIn   View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts

    49 分鐘

  4. 2024/11/27

    BlueHat 2024 Day 2 Keynote: Amanda Silver, CVP Microsoft Developer Division

    In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone present an insightful address by Corporate Vice President and Head of Product for Microsoft's Developer Division, Amanda Silver. Amanda discusses the importance of securing the software supply chain and Microsoft's efforts to protect the open-source ecosystem. She introduces the Secure Software Supply Chain Consumption Framework (S2C2F), a model for tracking and defending against vulnerabilities in open-source dependencies. Silver highlights tools like Dependabot and improvements in NuGet to help developers address security issues seamlessly. She also shares a case study on the "XZ" supply chain attack, underscoring the need for a security mindset in tech culture. Silver closes by urging listeners to adopt a proactive approach to cybersecurity, emphasizing that attacks are inevitable.       Resources:    View Amanda Silver on LinkedIn      View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

    46 分鐘

  5. 2024/11/13

    BlueHat 2024 Day 1 Keynote: Chris Wysopal AKA Weld Pond

    In episode 41 of The BlueHat Podcast we bring you the BlueHat 2024 day 1 keynote address given by Chris Wysopal, also known as Weld Pond, founder and Chief Security Evangelist at VeraCode, and founding member of the L0pht.     Chris’ talk - A Clash of Cultures Comes Together to Change Software Security - recounts the early days of “hacking” and how the industry evolved to embrace vulnerability discovery and coordinated, responsible disclosure.    Chris presentation provides a fascinating reflection on a tumultuous period for Microsoft around 2001, marked by significant vulnerability discoveries, which ultimately led to the establishment of the Organization for Internet Safety and the consultancy AtStake, transforming the security landscape and professionalizing the role of hackers. Watch Chris’ BlueHat 2024 Day 1 Keynote here: https://youtu.be/w6SAqT4ZQik    Resources:    View Chris Wysopal on LinkedIn      View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts

    48 分鐘

  6. 2024/10/30

    From Software to Security: Arjun Gopalakrishna’s Journey at Microsoft

    In this episode of the Blue Hat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Arjun Gopalakrishna, a security engineer at Microsoft, to discuss his fascinating journey from software engineer to security leader. Arjun reflects on his 11-year tenure at Microsoft, including how a childhood experience with a computer virus sparked his curiosity in cybersecurity. He talks about his early exposure to security issues while working in Windows and his eventual transition to Azure security. Arjun also shares insights into how he began presenting security talks internally through Microsoft's Strike program and how he continues to use storytelling to make complex security concepts approachable for colleagues across the company.    In This Episode You Will Learn:       The importance of empathy and accessibility when discussing technical vulnerabilities  Why Arjun honed his focus on cloud security, application security, and offensive security.  How Microsoft's internal Strike platform helps employees build a deeper understanding of cybersecurity  Some Questions We Ask:        Can you walk us through how you honed in on a specific area of security?  What are your tips for bringing non-security professionals into a security mindset?  Is there anything you're specifically working on within SFI?     Resources:   View Arjun Gopalakrishna on LinkedIn   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

    43 分鐘

  7. 2024/10/16

    Host vs Host: Get to Know Nic and Wendy

    In this episode of the Blue Hat Podcast, hosts Nic Fillingham and Wendy Zenone interview each other to give listeners insight into their personal and professional backgrounds. Nic recounts his unique career journey, which began with jobs like working as a chicken butcher and selling CDs, before joining Microsoft as an Xbox demo specialist. His career with Microsoft spanned various roles, ultimately leading him to work on the Blue Hat program, where he was captivated by the concept of ethical hacking. Wendy, on the other hand, shares her transition from PR into security, with stops at Netflix and Salesforce, and her current role at Microsoft leading the Strike program.    In This Episode You Will Learn:      Wendy’s experience buying chicken from a stranger in a parking lot  Nic’s encounter with The Rock during a wrestling game demo  Wendy starting in public relations before transitioning to the security world    Some Questions We Ask:       How did attending an all-women’s software engineering school influence your career shift?  What do you enjoy most about working in the security field?  What advice do you have for women looking to enter the security industry?     Resources:   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts     The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

    36 分鐘

  8. 2024/10/02

    Behind the Scenes and Best Practices for Submitting to MSRC with Jim Hull

    Jim Hull, Program Manager at MSRC joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast to share insights into his role in reviewing vulnerability reports and managing cases. They dive into the submission process, detailing the types of reports accepted by MSRC and what happens after a researcher submits a potential vulnerability. The conversation also highlights the accessibility of the portal for anyone interested in identifying security issues, whether they are professionals or hobbyists. Jim explains the importance of providing clear proof of concept when submitting a vulnerability and walks through the steps MSRC takes to triage, reproduce, and resolve reports.    In This Episode You Will Learn:       Why a detailed proof of concept is essential when submitting a vulnerability  How the MSRC collaborates with engineers at Microsoft to resolve vulnerabilities  The importance of including video or image documentation to support reports    Some Questions We Ask:        What is the vulnerability triage process at MSRC?  How long does it take to fix a vulnerability after it’s been reported?  Why is it important to use the researcher portal instead of email or social media?     Resources:   Microsoft Security Response Center     View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts     The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

    39 分鐘
顯示全部 (46)

預告片

4
(滿分 5 顆星)
11 則評分

簡介

Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all. 

資訊

  • 創作者
    Microsoft
  • 活躍年代
    2023年 - 2025年
  • 集數
    46
  • 年齡分級
    兒少適宜
  • 版權
    ©2024 Microsoft
  • 節目網站
    The BlueHat Podcast

你可能也會喜歡

若要收聽兒少不宜的單集,請登入帳號。

隨時掌握此節目最新消息

登入或註冊後,即可追蹤節目、儲存單集和掌握最新資訊。
選取國家或地區

非洲、中東和印度

亞太地區

歐洲

拉丁美洲與加勒比海地區

美國與加拿大