Sign in
TechNet Blogs
Technet Blog Images
More ...
Common Tasks
Blog Home
Email Blog Author
About
RSS for posts
RSS for comments
Search
Recent Posts
Beliefs from an Ex-softy
Posted
over 2 years ago
by
BlueHat1
1
Comments
BlueHat v11
Posted
over 2 years ago
by
BlueHat1
1
Comments
Getting Into Information Security Intelligence Gathering: A BlueHat v10 Retrospective from Speakers Ian Iftach Amit and Fyodor Yarochkin
Posted
over 3 years ago
by
BlueHat1
0
Comments
The Rapidly Evolving Exploitation Playground
Posted
over 3 years ago
by
BlueHat1
0
Comments
MAPP – An Insider's view
Posted
over 3 years ago
by
BlueHat1
0
Comments
Tags
ActiveX
Attack
Attack Vector
Black Hat
BlueHat Security Briefings
Cloud Computing Privacy
Community-based Defense
Cyberbullying
Cybersecurity
Emerging Threat
Identity/Identity Theft
Internet Explorer (IE)
Malicious Software (Malware)
Microsoft Windows
Password Stealers
Responsible Disclosure
Security Bulletin
Security Conference Engagement
Security Engineering
Security Research
Silverlight
Threat Modeling
Web Applications
Archives
Archives
November 2011
(2)
November 2010
(1)
October 2010
(1)
July 2010
(2)
May 2010
(1)
April 2010
(1)
March 2010
(2)
February 2010
(1)
December 2009
(1)
November 2009
(1)
October 2009
(4)
September 2009
(1)
July 2009
(1)
June 2009
(3)
May 2009
(1)
April 2009
(2)
February 2009
(1)
January 2009
(1)
November 2008
(1)
October 2008
(3)
September 2008
(4)
August 2008
(2)
July 2008
(2)
June 2008
(1)
May 2008
(3)
April 2008
(4)
March 2008
(3)
October 2007
(1)
September 2007
(7)
May 2007
(3)
October 2006
(1)
June 2006
(1)
March 2006
(8)
BlueHat 3 Speaker Websites
Adam Shostack - Emergent Chaos
blog
Caleb Sima - SPI Dynamics
corporate website
David Litchfield - NGS Software
corporate website
j0hnny Long - ihackstuff.com
personal website
Kev Dunn - NGS Software
corporate website
Alexander Kornbrust - Red Database Security
corporate website
HD Moore - Metasploit
organization website
Halvar Flake - Sabre Security
corporate website
Alex Stamos & Scott Stender - iSEC Partners
corporate website
Dan Kaminsky - Doxpara Research
personal website
BlueHat 2 Speaker Websites
David Maynor - ISS
corporate website
jussi & yrg - Toolcrypt Group
organization website
Vinnie Liu - Stach & Liu Consulting
corporate website
Matt Miller - Wehnus
corporate website
Brett Moore - Security-Assessment.com
corporate website
BlueHat 1 Speaker Websites
Dino Dai Zovi - Matasano Security, LLC
corporate website
spoonm & HD Moore - Metasploit
organization website
Dug Song - Arbor Networks
corporate website
Dan Kaminsky - Doxpara Research
personal website
Matt Conover - Symantec
corporate website
BlueHat 3 Speaker Podcasts
Caleb Sima
Alexander Kornbrust
Halvar Flake
HD Moore
BlueHat 4 Speaker Websites
Dino Dai Zovi - Matasano, LLC
corporate website
Enrique Sanchez – Yaguarete Security
corporate website
Dan Kaminsky – IO Active
corporate website
Johnny Cache –MITRE
corporate website
Dino Dai Zovi - theta44.org
personal website
Johnny Cache - 802.11mercenary.net/
personal website
Bluehat 5 Speaker Websites
Robert “Rsnake” Hansen - CISSP
corporate website
Andrew “Bunnie” Huang – bunnie studios
corporate website
Kevin Mahaffey - Flexilis
corporate website
David Maynor – ErrataSec
corporate website
Robert Graham – ErrataSec
corporate website
Rob Thomas – Team Cymru
corporate website
Rsnake - ha.ckers.org/
organization website
Rsnake - darkreading.com
blogs
Andrew “Bunnie” Huang - bunniestudios.com/blog
blog
Bluehat 6 Speaker Websites
Roberto Preatoni – WabiSabiLabi
corporate website
Dan Kaminsky – IO Active
corporate website
Ollie Whitehouse – RIM
corporate website
Halvar Flake – Zynamics
corporate website
Pedram Amini & Aaron Portnoy – Tipping Point
corporate website
Petr Matousek - Coseinc
corporate website
Jeff Forristal – HP (Formerly SPI Dynamics)
corporate website
Lurene Grenier – Sourcefire
corporate website
Rob Hensing - Favorite Quote && H.D., MetaSploit and the IPhone
blog
Rob Hensing - Blogging from BHv6
blog
Jeff Forristal - Migrations, blue hats, podcasts, virtual problems, SPICon and other news
blog
Pedram Amini - Back from BlueHat
blog
Pedram Amini - pedram.openrce.org
personal website
Roberto Preatoni - Back from the MS BlueHat con
blog
Dan Kaminsky - Doxpara Research
personal website
Ollie Whitehouse - Getting ready to respond to Mobile Security issues
blog
Halvar Flake - addxorrol.blogspot.com/
personal website
Petr Matousek
Personal Blog
BLUEHAT 7 SPEAKER WEBSITES
Billy Rios - xs-sniper.com
Nitesh Dhanjani - dhanjani.com
Alex "kuza55" K - kuza55.blogspot
Manuel Caballero
Sowhat - secway.org
Bryan Sullivan - blogs.msdn.com/bryansul
Fukami - The Turkey Curse
Personal weblog
Fukami - SektionEins
corporate website
Fukami - FlashSec Wiki
Dan Kaminsky - Doxpara.com
Dan Kaminsky - ioactive.com
corporate website
Cesar Cerrudo - Argeniss
company website
BlueHat 2008 - Blog by Jeremiah Grossman
Personal Blog
BlueHat 8 Speaker Websites
Mike Andrews - mikeandrews.com
Personal Blog
Mike Andrews - AVERT Labs Blog
Company Blog
Dan Kaminsky - doxpara.com
Personal
Dan Kaminsky - ioactive.com
Company Site
Gareth Heyes - thespanner.co.uk
Personal Blog
Gareth Heyes - businessinfo.co.uk
Company Site
Scott Stender - isecpartners.com
Company Site
Alex Vidergar - isecpartners.com
Company Site
Vinnie Liu - stachliu.com
Company Site
Eduardo Vela - sirdarckcat.blogspot.com
Personal Blog
Eduardo Vela - sirdarckcat.net
Personal Website
David Lindsay - securityinnovation.com
Company Website
Iftach Amit - aladdin.com
Company Blog
Roelof Temmingh - paterva.com
Company Site
Blogroll
MSRC Ecosystem Strategy Team Blog
BlueHat Security Briefings TechNet Site
Microsoft Security Response Center Blog
Microsoft Secure Development Lifecycle Blog
Microsoft Security Research & Defense Blog
Microsoft Malware Protection Center Blog
Microsoft Security Page
Tour the MSRC Hallway
TechNet Security
Michael Howard's Blog
Internet Explorer's Team Blog
http://blogs.msdn.com/dross/
Protect Your PC
BlogMS - Official Microsoft Team Blogs
BlueHat 9 Speaker Websites
Jesse Collins Blog
Nitesh Dhanjani Blog
Thoughts on Information Security, Technology, and Science
Tom Gallagher
Hunting Security Bugs
Vinny Gullotto
Microsoft Malware Protection Center - Threat Research & Response Blog
Chris Hoff Blog
Rational Survivability
Chris Hoff
Company Blog
Neel Mehta
Official Google Blog
Luis Miras Blog
call dwerd ptr [6c756973]
Jeff Moss
Company site
Jose Nazario Blog
Wormblog
Jose Nazario
Arbor Networks Blog
Tavis Ormandy Blog
Personal Blog
Tavis Ormandy
The Official Google Blog
Billy Rios Blog
Thoughts on security in an uncivilized world
Ryan Smith
Hustle Labs
Peleus Uhley
Adobe Secure Software Engineering Team Blog
Chris Weber Blog
The Lookout: Unicode, W3 and Software Security Testing
Chris Weber
Casaba Security Blog
BlueHat 10 Speaker Websites
Dustin Childs Blog
MSRC Ecosystem Strategy Team Blog
Charlie Miller
Independent Security Evaluators Company Site
Matthieu Suiche's Blog
Personal Blog
Matthieu Suiche
MoonSols Company Site
Tim Kornau
Zynamics Company Site
Tim Kornau
Zynamics Company Blog
Dan Kaminsky
Recursion Ventures Company Site
Vincenzo Iozzo
Zynamics Company Blog
Vincenzo Iozzo
Vincenzo Iozzo Twitter
Jeremiah Grossman
Jeremiah Grossman personal blog
Jeremiah Grossman
WhiteHat Security Company Site
Halvar Flake
Zynamics Company Site
Halvar Flake
Zynamics Company Blog
Ian Iftach Amit
Personal blog
Ian Iftach Amit
Security Art Company Site
Fyodor Yarochkin
Armorize Technologies Company Site
John Lambert
MSEC Company Site
Fermin J. Serna
Personal Blog
Andrew Roths
SRD Blog
Mike Howard
Mike Howard's Blog
Grant Bugher
SDL Blog
Robert "RSnake" Hansen
SecTheory Company Site
Robert "RSnake" Hansen
ha.ckers.org/
Robert "RSnake" Hansen
darkreading.com
Browse by Tags
TechNet Blogs
>
Microsoft BlueHat Blog
>
All Tags
>
security engineering
Browse by Tags
ActiveX
Attack
Attack Vector
Black Hat
BlueHat Security Briefings
Cloud Computing Privacy
Community-based Defense
Cybersecurity
Emerging Threat
Identity/Identity Theft
Internet Explorer (IE)
Microsoft Windows
Password Stealers
Security Conference Engagement
Security Research
Silverlight
Threat Modeling
Web Applications
Blog Post:
The Rapidly Evolving Exploitation Playground
BlueHat1
Hey there, Vincenzo and Fermin here! Next week we will be giving two talks at BlueHat . Vincenzo will be talking with Tim Kornau, Ralf Philipp Weinmann, and Thomas Dullien, about return-oriented programming and how to automate the creation of ROP payloads. Also, Fermin and Andrew Roths will be talking...
on
7 Oct 2010
Blog Post:
MAPP – An Insider's view
BlueHat1
Intro Matt Watchinski here, Senior Director, Sourcefire Vulnerability Research Team (VRT). It’s that time of year again. The mercury is soaring above 100F, and I am crammed onto a “flying bus” heading out to Las Vegas to attend this year’s iteration of the Black Hat and DEF...
on
29 Jul 2010
Blog Post:
The EMET 2.0 Training Video has arrived!
BlueHat1
Hey there, I'm pleased to announce that the BlueHat team has partnered with the dynamic Microsoft Security Response Center (MSRC) Engineering duo of Andrew Roths and Fermin J. Serna on a training video previewing the new release, version 2.0, of the Enhanced Mitigation Experience Toolkit (EMET). This...
on
28 Jul 2010
Blog Post:
Office Security Engineering: BlueHat v9 Presentation Revisited
BlueHat1
Hi, this is Tom Gallagher from the Office Trustworthy Computing team. At Blue Hat v9 , David Conger and I presented some of the security engineering work that we were doing to help ensure the security of Office 2010. We don’t want a single bug in our parsing code to allow arbitrary code to harm...
on
21 May 2010
Blog Post:
Software Security == People && Process && Technology
BlueHat1
Mark Curphey here. I run the Subscriptions Engineering Team in Server & Tools Online, where we build complex customer facing web sites like MSDN and TechNet, supporting millions of users. For the last 15 years, I have always held security roles, most recently heading up the Information Security Tools...
on
15 Apr 2010
Blog Post:
Heya! Hola and Olá!
BlueHat1
It was pretty fun sitting in the panel that kicked-off the first BlueHat Security Forum in Latin America and we are almost half-way through our day here in Buenos Aires. (Check out Mike Reavey’s EcoStrat Blog post for details about the panel.) It is always great to see old friends from the ecosystem...
on
18 Mar 2010
Blog Post:
Parser Central: Microsoft .NET as a Security Component
BlueHat1
During the past decade or so, a significant portion of the computer industry has set out in a quest for secure software. That this sizable force of smart people with all their resources and market power has not yet brought us a secure and safe computing experience, should be an indication that this task...
on
4 Mar 2010
Blog Post:
Do you believe in ghosts?
BlueHat1
When I was a kid, I had nightmares every week. I still remember some of them vividly, particularly the ones where ghosts were involved. Not the typical ghosts from the movies , but ones that could not be seen, only heard and felt. Why would I be so frightened and still remember them “vividly” today?...
on
16 Feb 2010
Blog Post:
Know thy Enemy
BlueHat1
I recently attended BlueHat for the second time and spoke about the SMS vulnerabilities Collin Mulliner and I discovered and exploited this summer. BlueHat is an interesting speaking venue because the audience consists entirely of Microsoft employees. Some people might think security researchers speaking...
on
6 Nov 2009
Blog Post:
The lighter side of the cloud
BlueHat1
Billy Rios here. I’m giving a talk this week along with Nate McFeters entitled, “ Sharing the Cloud with Your Enemy .” It’s a fun, realistic talk on security in the cloud. Why cloud computing? Cloud computing, software as a service, infrastructure as a service, platform as a service… with so many...
on
21 Oct 2009
Blog Post:
Attacking SMS
BlueHat1
This year at BlackHat USA in Las Vegas , we presented on the topic of attacking Short Message Service (SMS). Our presentation focused on the different ways in which SMS can be used to compromise mobile security. We’re excited to give an updated version of our talk at the upcoming BlueHat v9 conference...
on
19 Oct 2009
Blog Post:
Collaborating on RIA Security
BlueHat1
Microsoft and Adobe frequently work together on security. At this year's BlueHat , we will come together to share our security research in the area of Rich Internet Applications (RIAs). While we independently place considerable thought and effort into our respective security models, attackers often look...
on
6 Oct 2009
Blog Post:
Can we secure cloud computing? Can we afford not to?
BlueHat1
There have been many disruptive innovations in the history of modern computing, each of them in some way impacting how we create, interact with, deliver, and consume information. The platforms and mechanisms used to process, transport, and store our information likewise endure change, some in subtle...
on
28 Sep 2009
Blog Post:
Black Hat USA Spotlight: ATL Killbit Bypass
BlueHat1
There are only a few days left before Black Hat USA, and we, like most other speakers, are in the midst of the last-minute push to have all the materials finalized in time for our presentation. Our presentation this year, " The Language of Trust ," features a lot of material related to attacking software...
on
27 Jul 2009
Blog Post:
Securing our Legacy
BlueHat1
Hi, this is Scott Stender from iSEC Partners. I recently had the privilege of speaking at Microsoft's BlueHat event in Brussels on the topic of securing legacy systems. With all of the recent coverage on the need to secure our networked systems -- national, corporate, and individual alike -- I felt...
on
19 Jun 2009
Blog Post:
Dune Busting and Browser Fun at HITB – Dubai
BlueHat1
Hi, Billy Rios here, I was recently invited to speak at Hack in the Box (HITB) in Dubai. While at HITB, I participated in two different talks, but I’m going to focus on the talk Chris Evans and I co-presented: “Cross Domain Leakiness.” Chris Evans is a security lead for Google’s Core Security team. Some...
on
13 May 2009
Blog Post:
!exploitable Crash Analyzer Now Available
BlueHat1
At BlueHat v8 in October 2008, Dave Weinstein, Jason Shirk and Lars Opstad presented the topic of when it’s okay to stop fuzzing ( Fuzzed Enough? When It’s OK to Put the Shears Down ). As part of that presentation, Dave talked about a technique used within Microsoft for triaging and categorizing crashes...
on
1 Apr 2009
Blog Post:
State of the Union
BlueHat1
I spent a lot of time trying to think about what to write for a BlueHat pre-conference blog entry and had a pretty hard time focusing on one topic. To handle this, I decided to comment on the state of security. While I've found plenty of things to be excited about with security, including improved...
on
16 Oct 2008
Page 1 of 1 (18 items)