BlueHat

The Microsoft Security Community Videos: A Peek Behind the Curtain

Wednesday, July 22, 2009

Handle: EcoStrat’s All-Stars IRL: TwC Security All-Star Guest Bloggers Likes: Security, Vulnerability Research & Science, Defense and Responsible Disclosure Dislikes: 0-day, FUD As mentioned in Sarah’s Black Hat post, we’re profiling some of our own internal security members and sharing their perspectives around Microsoft’s engagement in the security community. Maarten Van Horenbeeck, Security Program Manager, Microsoft Security Response Center (MSRC) and Katie Moussouris, Senior Security Strategist, Secure Development Lifecycle (SDL), answer the following two questions:

心の会合: The Gathering

Friday, July 17, 2009

Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run Konnichiwa! I guess you are wondering

• Attack
• Community-based Defense
• FIRST
• Hallway Tracks
• MMPC
• MSRC Ecosystem Strategy
• Security Conference Engagement
• Security Ecosystem
• Watering Hole

Securing our Legacy

Friday, June 19, 2009

Hi, this is Scott Stender from iSEC Partners. I recently had the privilege of speaking at Microsoft’s BlueHat event in Brussels on the topic of securing legacy systems. With all of the recent coverage on the need to secure our networked systems – national, corporate, and individual alike – I felt that the BlueHat event was a good time to shine the spotlight on those little-loved, perhaps little-known systems that keep our plugged-in society working.

• Attack
• BlueHat Security Briefings
• Security Conference Engagement
• Security Engineering

Stainless steel bridge

Monday, June 15, 2009

Hi! Manuel Caballero here. I had the pleasure of penetration testing (pen-testing) the previous versions of Microsoft Silverlight, and now, for the last three weeks, I’ve been playing around with the beta version of Silverlight 3. When I say, “the pleasure”, I really mean it. Playing with Silverlight means to play with a plug-in that, from a security point of view, was born being already mature.

• Internet Explorer (IE)
• Security Research
• Silverlight

A Brussels retrospective from Oahu

Thursday, June 11, 2009

** Handle:** Security Blanki IRL: Sarah Blankinship Rank: Senior Security Strategist Lead Likes: Vuln wrangling, teams of rivals, global climate change - the hotter the better Dislikes: Slack jawed gawkers (girls are geeks too!), customers @ risk, egos Aloha from the Shakacon III, a security conference held each year in lovely Honolulu, Hawaii!

• Attack
• BlueHat Security Briefings
• Community-based Defense
• Defense-in-depth
• EcoStrat
• MSRC Ecosystem Strategy
• Security Conference Engagement
• Security Ecosystem

Announcing the BlueHat Security Forum: EU Edition

Tuesday, June 02, 2009

Handle: C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! Hey folks! I know this is typically the time of year when birds are chirping, the rain is _supposed _to be letting up, and those of you in the BlueHat network who are normally invited to attend the Spring BlueHat conference are asking yourselves, “Why did MSRC start doing the con only once a year?

• Attack
• BlueHat Security Briefings
• Community-based Defense
• EcoStrat
• Malicious Software (Malware)
• MSRC
• MSRC Ecosystem Strategy
• Security Conference Engagement
• Security Development Lifecycle (SDL)
• Security Ecosystem
• Security Research
• Watering Hole

Getting a business degree as part of Security Research?

Tuesday, June 02, 2009

What a great time to start thinking of travel – the weather is fairing up, June is here, and fortunately for me, I have a chance to take the driver seat again at another BlueHat conference! This time it’s in Brussels and I’m really looking forward to talking again about one of my favorite topics (eCrime – technology and business), as well as networking with the Microsoft gang and their European counterparts.

• Attack
• BlueHat Security Briefings
• Cyberbullying
• Emerging Threat
• Identity/Identity Theft
• Malicious Software (Malware)
• Password Stealers

Dune Busting and Browser Fun at HITB – Dubai

Wednesday, May 13, 2009

Hi, Billy Rios here, I was recently invited to speak at Hack in the Box (HITB) in Dubai. While at HITB, I participated in two different talks, but I’m going to focus on the talk Chris Evans and I co-presented: “Cross Domain Leakiness.” Chris Evans is a security lead for Google’s Core Security team.

• Attack
• Internet Explorer (IE)
• Security Conference Engagement
• Security Engineering
• Threat Modeling
• Web Applications

Hack in the Box, and beyond…

Wednesday, May 13, 2009

** Handle: EcoStrat’s All-Stars IRL: TwC Security All-Star Guest Bloggers Likes: Security, Vulnerability Research & Science, Defense and Responsible Disclosure Dislikes: 0-day, FUD ** Marhaban! Maarten Van Horenbeeck here from the Microsoft Security Response Center (MSRC). This is the first time I have blogged here on EcoStrat. As a Security Program Manager with MSRC, one of the roles I have is to work with security researchers, and this often involves attending security conferences to meet with you.

• BlueHat Security Briefings
• EcoStrat
• MSRC
• Security Conference Engagement
• Security Development Lifecycle (SDL)
• Security Ecosystem
• Security Engineering
• Security Tools
• Watering Hole

Capt I.M. Hardened OS-Microsoft

Friday, May 08, 2009

Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run Hey, Steve here. Just finally settling back in after traveling a bit, meeting up with different parts of the security ecosystem.

• Defense-in-depth
• EcoStrat
• MSRC Ecosystem Strategy
• Security Conference Engagement
• Security Ecosystem