Security
Headlines
HeadlinesLatestCVEs

Headline

Time for day 2 of briefings at BlueHat Seattle!

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent (complete with toasted marshmallows). Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising correlations between vuln severity, age, and time to fix, and we saw applications for machine learning for malware detection—as well as some of the attack surface for machine learning and how to protect it.

msrc-blog
#vulnerability#mac#windows#microsoft#intel

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent (complete with toasted marshmallows). Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising correlations between vuln severity, age, and time to fix, and we saw applications for machine learning for malware detection—as well as some of the attack surface for machine learning and how to protect it. And that’s just a sample: the day was full and we’re looking forward to doing it again today.

Please join us for breakfast at the Showbox SoDo when the doors open at 8:30. At 9:30, we’ll start the day with opening remarks from David Weston, Partner Director of OS security at Microsoft and responsible for the Offensive Security Research Team.

The rest of the day will be our single track of sessions from both Microsoft and our industry partners. Talks will run the gamut of attack vectors and defenses that concern us most today. For a sample, we’ll discuss identity attacks, review what has gone well and what hasn’t in incident response, explore attacks on networking infrastructure, demystify some binary analysis techniques, and probe software timer security. We’ll end the sessions by exploring the attack surface of the Remote Desktop Protocol, including a demo of the BlueKeep exploit.

Time

Speaker

Session

9:35AM - 10:20AM

Dirk-jan Mollema

I’m in your cloud: A year of hacking Azure AD

10:25AM - 11:10AM

John-Luke Peck (CI Security)

Autopsies of Recent DFIR Investigations

11:15AM - 12:00PM

Yueqiang Cheng (Baidu USA)

Aion Attacks: Exposing SGX Software Timers

1:00PM - 1:45PM

Elvis Collado (Exodus Intelligence)

Don’t forget to SUBSCRIBE.

1:50PM - 2:35PM

Jordan Wiens and Peter LaFosse (Vector 35, Inc)

Modern Binary Analysis with ILs

3:05PM - 3:50PM

Tao Yan (Palo Alto Networks)

Pool Fengshui in Windows RDP Vulnerability Exploitation

3:50PM - 4:00PM

Kymberlee Price (Microsoft)

Closing Remarks

We’ll have a break for lunch (served at the venue) and a 30-minute break in the afternoon, and after we close we will have a happy hour for all our attendees.

Finally, thank you all so much for supporting a food drive for Northwest Harvest SoDo, a local non-profit food bank! The response has been amazing. For the second day, we will have a box at the ShowBox to accept donations of shelf-stable food and diapers.

It’s going to be a great day for BlueHat Seattle. See you soon!

msrc-blog: Latest News

Congratulations to the Top MSRC 2024 Q3 Security Researchers!