𝗘𝘃𝗲𝗻𝘁: MSRC Researcher Celebration 𝗗𝗮𝘁𝗲: August 8, 2024 𝗟𝗼𝗰𝗮𝘁𝗶𝗼𝗻: Top-secret venue in Las Vegas 𝗠𝗶𝘀𝘀𝗶𝗼𝗻 𝗯𝗿𝗶𝗲𝗳𝗶𝗻𝗴: MSRC Researchers are gathering at our invite-only celebration during Black Hat for a fun evening of discussion and celebration. 𝗜𝗻𝗰𝗼𝗺𝗶𝗻𝗴 𝘁𝗿𝗮𝗻𝘀𝗺𝗶𝘀𝘀𝗶𝗼𝗻: Keep an eye on your email for mission details and prepare for an unforgettable night. ✉️✨ #MSFTBlackHat #BHUSA
Microsoft Security Response Center
Computer and Network Security
Protecting customers and Microsoft from current and emerging threats related to security and privacy.
About us
The Microsoft Security Response Center (MSRC) is dedicated to safeguarding customers and Microsoft from security threats. With over two decades of experience, we focus on prevention, rapid defense, and community trust. Together, we’ll continue to protect our users and the broader ecosystem.
- Website
-
https://www.microsoft.com/en-us/msrc
External link for Microsoft Security Response Center
- Industry
- Computer and Network Security
- Company size
- 10,001+ employees
- Specialties
- Cybersecurity, Security response, Incident response, Bug bounty, Security research, and BlueHat
Updates
-
In our ongoing commitment to transparency, we will now issue CVEs for critical cloud service vulnerabilities, regardless of whether customers need to install a patch or take other actions to protect themselves. Learn more in our blog post: https://msft.it/6044YCjBG
-
Today, we hosted a Capture the Flag event for Microsoft interns. This team-based competition had interns tackling 42 security challenges across 14 different vulnerability types. Many thanks to Alyssa Estrada from the Microsoft STRIKE team for leading this event. 🏆Top three teams: First Place Team: Adam Hassan Minh Duong Emma Hartman Landon Crabtree Matthew M. Second Place Team: Mauricio Munoz Angel Manuel Tapia Avitia Sofya Malashchenko Daniel Barocio Iván Romero Third Place team: Myles Sloan Angelina Z. Tanay Shah Powall W. Gwendolyn Vongkasemsiri Congratulations to all the Microsoft interns who participated! 👏
-
-
Security updates for June 2024 are now available! Details are available here: https://msft.it/60119yPTS #PatchTuesday #SecurityUpdateGuide
-
-
Many thanks to all our incredible #BlueHatIndia speakers. In addition to the keynotes we previously highlighted, we want to acknowledge the following speakers for their incredible presentations: John Sherchan, Red Team Security Researcher at CyberWarFare Labs , presented "Assembly.Load: Writing One Byte to Evade AMSI Scan." He discussed bypass techniques and implementation. Vishal Mishra, Senior Security Engineer, Microsoft, presented "The Dusky Shark: TDS Downgrade," covering TDS protocol, exploits, mitigations, and CVE-2024-0056. Dinesh Prakash, Senior Technical Manager at Comcast, presented “xGitGuard: The Sentinels of Secrecy,” discussing xGitGuard and other open-source projects from Comcast SPIDER. Omkar Gudhate, Senior Threat Analyst, Microsoft, and Abhishek Pustakala, Security Researcher II, Microsoft, presented "Scam 2023: The Story Behind How Cybercriminals Are Targeting Indian Android Users," focusing on MITRE ATT&CK TTPs and MDE mitigation. Preksha Saxena and Yashvi Shah, Security Researchers at McAfee, presented “Phishing Landscape Evolution: Unveiling Layers of Email-Initiated Malware Delivery,” discussing phishing email tactics and vulnerabilities. Dmitrijs Trizna, Senior Security Researcher at Microsoft, gave a talk titled: “The Impact of Backdoor Poisoning Vulnerabilities on AI-Based Threat Detectors,” covering AI-based defenses and attacks on AI models. Tarun Gudipati and Ritik Bavdekar, Software Engineers at Microsoft presented “Unveiling Quantum Horizons: Decrypting the Future of Cryptography,” covering present-day cryptography, quantum computing challenges, and Crystals Kyber. Venkatachalabathy SR, Senior Security Research Lead, Microsoft, and Shaleen Dev P.K., Security Researcher II, Microsoft, presented "Adversaries Abuse OAuth Applications with Diverse TTPs to Automate Attacks," focusing on OAuth phishing campaigns and TTPs. Dhruva Goyal, Founder & CEO at BugBase, and Sitaraman S., Founder & CIO at BugBase, presented "Pentest Copilot: Redefining Penetration Testing with LLMs," discussing LLM-based penetration testing and AI safety. Rajesh Kumar Natarajan, Senior Security Researcher, Microsoft, presented “CryptoCurrency Harvest: Unraveling the Progression of Linux Coinminers and Strategic MITRE ATT&CK Alignments," covering cryptomining attacks and detection tactics. Shreya Pohekar Agrawal, Product Security Analyst at HackerOne, presented “Wolf in Sheep’s Code: The Lesser-Known Business Logic Flaws,” discussing business logic bugs and mitigation. Kirtikumar Anandrao Ramchandani, Independent Security Researcher, presented "Hacking WebViews for Fun and Profit," discussing intent-based and Tel URL-based vulnerabilities. Jacob T., Head of Labs at ThinkstCanary, presented “Tracking Illicit Phishermen in the Deep Blue Azure,” discussing deception engineering and a new Canarytoken for Azure phishing detection.
-
-
-
-
-
+11
-
-
At #BlueHatIndia Day 2, Rajiv Kumar, CVP and Managing Director of Microsoft India, delivered a keynote on the critical importance of security in today's world. Rajiv highlighted the increasing aggression of cyberattacks and the dual advantage AI offers both defenders and attackers. Emphasizing our role as first responders, he reminded us that we are all in this together to protect those at risk. Rajiv discussed the Microsoft Secure Future Initiative, focusing on Secure by Design, Secure by Default, and Secure Operations. He outlined its six pillars: • Protect identities and secrets • Protect tenants and isolate production systems • Protect networks • Protect engineering systems • Monitor and detect threats • Accelerate response and remediation He also addressed the talent gap in cybersecurity, noting that 1 in 3 security jobs remain unfilled and encouraging the audience to pursue careers in security. Rajiv detailed how Microsoft leverages 78 trillion signals and AI to learn, protect, defend, and disrupt cyber threats. Additionally, he stressed the need for a global, transparent approach to AI governance.
-
-
-
-
-
+2
-
-
Roshni Chattopadhyay, Partner Director, Microsoft Security, opened Day 2 of #BlueHatIndia by sharing the power of partnerships and AI. She emphasized that we need your partnership, dedication, and your feedback to protect people – we can’t do it alone. She also discussed that AI is a powerful tool that can tilt the balance in favor in defenders by collecting, analyzing, and processing massive amounts of data. Thanks to all who made the first BlueHat India event a success!
-
-
Good morning, #BlueHatIndia! Welcome to Day 2! Get set for more incredible talks, networking, learning, and villages. We start in just a few moments with opening remarks from Roshni Chattopadhyay, Partner Director, Microsoft Security, followed by our Day 2 keynote from Rajiv Kumar, CVP and Managing Director, IDC, Microsoft.
-
-
We hope everyone enjoyed #BlueHatIndia Day 1! We're thankful to our incredible speakers, BlueHat India organizers, volunteers, Microsoft MVRs, and all our attendees. What was your highlight of the day? We’re excited to see you for Day 2, packed with more amazing talks, networking, and learning opportunities.
-
-
-
-
-
+4
-
-
John Lambert, CVP and Security Fellow, Microsoft Threat Intelligence, Microsoft, presented the #BlueHatIndia Day 1 Keynote this morning: Defending with the Graph of Graphs. During his keynote, John discussed how to model and build an attack graph, how the graph of graphs facilitates collaboration across disciplines, and innovating with the graph with AI.
-