#BlueHat

2025-05-01

A couple of days ago, I unearthed my first #computer, an #MSX straight from the ‘80s. It was lost in some box in the basement for who knows how long. Just feeling its power switch gave me the goosebumps…

This discovery came after sharing my hacker’s origin story with Nic Fillingham and Wendy Zenone in a new episode of Microsoft’s #BlueHat #Podcast.

thecyberwire.com/podcasts/the-

Join us while we chat about my first-ever #CVE, overlooked #vulnerabilities that continue to pose significant risks today, #ActiveDirectory and #password security, my unexpected journey into #bugbounty hunting and my involvement in the #ZeroDayQuest, how to learn new things, mentorship and positive leadership, and of course pineapple pizza 🍍🍕

This is how you make a hacker
2025-01-30

@cryptax I'm very interested in this topic. I have two (ZScaler and CrowdStrike). CS said: "can't fix; that's just how it works" and ZScaler quietly fixed it over a weekend. Thanks, I guess?

But both of these vendor issues could be present in other EDRs and proxies. Not like I have access to S1, Cortex, Defender and Netskope.

New to this coordinated disclosure thing. But going to #bluehat helped.

Jukka Niiranen (jukkan@mstdn.social)
2024-11-14

The massive scale and growth of #lowcode inside Microsoft.🤯

These numbers are from a presentation at MS #BlueHat conference where Michael Bargury and Don Willits talked about how to design an application security program for #PowerPlatform. Because when the numbers are 1000x compared to traditional AppSec programs, the traditional way won't work.

Full video here: youtube.com/watch?v=0jGUiaWAU0

Image descriptions:
- Power Platform usage at Microsoft: total numbers
- Power Platform usage at Microsoft: growth in number of apps in 1 year, powered by GenAI
- Power Platform usage at Microsoft: active credential volumes by service
2024-11-13

Thrilled to share my BlueHat keynote is now live! 🎤

"A Clash of Cultures Comes Together to Change Software" dives into how early hacker groups like the L0pht began collaborating with tech companies, reshaping software security.

Watch here: youtube.com/watch?v=w6SAqT4ZQi

#BlueHat #Cybersecurity #Infosec #Hackers

2024-11-12

Recently at #BlueHat, Vern Paxson shared insights on "Three decades of network security evolution", showcasing how rich data continues to shape the future of cybersecurity.

🌐 Corelight is proud to be at the forefront of this evolution, empowering organizations with the network evidence they need to tackle today's challenges.

#NetworkSecurity #NDR #Cybersecurity @msftsecurity

2024-11-01

Something quite wonderful occurred at #bluehat 2024.

Caught up with a former mentee I worked with on getting their #OSCP. They shared they are now in a masters program and doing amazing things at work, and loving it. This lit up my heart and sparkles.

Helping others achieve their goals and reach for things they might not have, is an honor and a privilege to be a part of.

Needless to say.. an excellent time at #bluehat. Great to reconnect with good humans, some good content, and a whole heap of recharging my hacker heart.

#mentoring #cybersecurity

Image description: A badge that can be worn around the neck for the BlueHat security conference. It has the name Josh Michaels and JPMC in the center of a white background. There is a blue rectangle across the top; inside, white text says "BlueHat: Security above all else".
José Miguel Parrella (jmp@hachyderm.io)
2024-10-30

At #BlueHat today looking to connect with software supply chain security, code integrity and confidential computing enthusiasts 🤓

Zach Steindler (steiza@a2mi.social)
2024-10-30

Yesterday at #bluehat I presented on some new security capabilities in open source package repositories (npm, PyPI, NuGet, ...), how #openssf is helping those capabilities spread across ecosystems, and lessons learned for any defensive security team: coffeehousecoders.org/blog/sca

2024-10-29

Time for Microsoft's #bluehat! And it starts with @weldpond talking about the history of L0pht and hacking.. @msftbluehat

2024-10-29

We’re at #BlueHat today! Join us in the village area to learn to pick or try your hand at our competition!

Image descriptions:
- A fence with padlocks on it
- A round table with many lock picks and locks
- Someone picking a lock at a timed lock competition
2024-09-25

We have added #BlackAlps 2024 and #Bluehat 2024 conferences to the #InfoCon archives infocon.org

El Jefe (eljefedsecurit@infosec.exchange)
2024-09-18

The BlueHat 2024 application to attend is now open! If you’re interested in attending #BlueHat in Redmond, WA, USA, October 29-30, please submit your application here: msft.it/6018mpd3C

Like this and repost if you're applying!

kurtsh
2024-09-18

The BlueHat 2024 application to attend is open!

Hosted by the Microsoft Security Response Center (MSRC), BlueHat is where security researchers & responders from both inside & outside Microsoft come together as peers to exchange ideas, experiences & learnings in the interest of creating a safer & more secure world for all.

If you’re interested in attending in Redmond, WA, USA, October 29-30, please submit your application here: msft.it/6018mpd3C

2023-10-13

More people on #bluehat #bluehat2023 should make the leap here from the birdsite. I feel most of the main #infosec community has already made that transition.

#security #fediverse

InfosecKeanu
2023-10-13

It may say welcome, but it’s time to say goodbye to - thanks for the renewed sense of community and energy, it was sorely needed.

El Jefe (eljefedsecurit@infosec.exchange)
2023-10-12

I'm just hash-tagging #bluehat so I don't get fined

2023-10-12

🤖 AI is increasing everyone's attack surface, whether they're ready or not...

@eljefedsecurit called this out brilliantly in his #Bluehat talk today, enumerating the stack and mitigations.

Tyson, Chicken Rancher 🐓 (tsupasat@infosec.exchange)
2023-10-12

Jason Haddix, former CISO of Ubisoft, shared tremendous lessons-learned from his own experience and those of his network hit by #Lapsus$ at Microsoft's #BlueHat conference.

These attackers focused on creds and cookies sold on the dark web on sites such as Genesis, then purposely avoided EDR by targeting web-based apps such as Slack and Confluence. They bypassed authentication controls with the end goal of VPN access.

Lessons learned:
- Add mitigation controls for stolen creds and cookies including shortening session length, monitoring dark market sales, and adding a bug bounty for leaked creds.
- Add a team for secrets management: "You definitely have hard-coded creds somewhere in your network."
- Additional authentication controls such as tighter impossible travel settings and maps showing geographic location of login requests
- Set up jump hosts and network segmentation to access infrastructure and security products

Image descriptions:
- Slide talking about the need for secrets management.
- Slide talking about mitigation controls for stolen creds and cookies, including shortening session length, monitoring dark market sales, and adding a bug bounty for leaked creds.
- Slide talking about additional authentication controls, including impossible travel alerts and a map showing the geographic location of the login request.
- Slide talking about the need for network segmentation and jump hosts to access infrastructure.
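One of the controls listed above, "tighter impossible travel settings", is easy to prototype against geolocated sign-in events. The block below is an added example, not code from Jason Haddix's talk or from Tyson's post: it walks each user's logins in time order, computes the great-circle distance between consecutive events with the haversine formula, and flags any pair whose implied speed exceeds a threshold. The login records, coordinates, the 900 km/h and 100 km thresholds, and the field names are all assumptions chosen for the demo; a real deployment would take them from the identity provider's sign-in log and tune the thresholds to its own false-positive budget.

```python
"""Impossible-travel detection over constructed sign-in events (added example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Login:
    user: str
    ts: datetime      # timezone-aware UTC timestamp
    lat: float        # geolocated source coordinates (assumed already resolved)
    lon: float
    city: str


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two WGS84 points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def impossible_travel(logins, max_kmh: float = 900.0, min_km: float = 100.0):
    """Return (user, from_city, to_city, implied_kmh) for each consecutive pair of
    logins by the same user that would require travelling faster than max_kmh.

    Pairs closer than min_km are ignored so that geolocation jitter inside one
    metro area does not fire the rule.  Two logins at the same instant from far
    apart places yield an infinite speed and are flagged.
    """
    alerts = []
    last_seen = {}  # user -> most recent Login
    for login in sorted(logins, key=lambda l: (l.user, l.ts)):
        prev = last_seen.get(login.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, login.lat, login.lon)
            if km >= min_km:
                hours = (login.ts - prev.ts).total_seconds() / 3600.0
                speed = km / hours if hours > 0 else float("inf")
                if speed > max_kmh:
                    alerts.append((login.user, prev.city, login.city, speed))
        last_seen[login.user] = login
    return alerts


def _utc(*args) -> datetime:
    return datetime(*args, tzinfo=timezone.utc)


# Constructed sample: approximate coordinates for Seattle, London and Portland.
SEATTLE = (47.61, -122.33, "Seattle")
LONDON = (51.51, -0.13, "London")
PORTLAND = (45.52, -122.68, "Portland")

SAMPLE_LOGINS = [
    Login("alice", _utc(2023, 10, 12, 8, 0), *SEATTLE),
    Login("alice", _utc(2023, 10, 12, 10, 0), *LONDON),    # ~7700 km in 2 h -> alert
    Login("alice", _utc(2023, 10, 12, 10, 5), *LONDON),    # same place -> ignored
    Login("bob", _utc(2023, 10, 12, 9, 0), *SEATTLE),
    Login("bob", _utc(2023, 10, 12, 12, 0), *PORTLAND),    # ~230 km in 3 h -> fine
    Login("carol", _utc(2023, 10, 12, 9, 0), *SEATTLE),
    Login("carol", _utc(2023, 10, 12, 9, 0), *LONDON),     # same instant -> infinite speed
]


if __name__ == "__main__":
    for user, src, dst, kmh in impossible_travel(SAMPLE_LOGINS):
        print(f"ALERT {user}: {src} -> {dst} implies {kmh:.0f} km/h")
```

Session-length shortening, the other control on the same slide, pairs naturally with this rule: once a sign-in is flagged, revoking the user's refresh tokens and active sessions is what turns the alert into a containment step rather than a dashboard entry.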
