Talk from #BlueHatIL is live! Had such an awesome experience youtu.be/R9TWLO5N7mc

It's long been assumed that there are no nontrivial reflected amplification attacks using TCP—prior attacks are UDP or simply TCP SYNs. In our just-now-accepted USENIX Security 2021 paper, we apply a genetic algorithm to discover 5 reflected TCP amplification attacks + variants.

Tuesday saw the release of fixes for four vulnerabilities I discovered (CVE-2022-26801, CVE-2022-26802, CVE-2022-26803, CVE-2022-24536). Go check them out! msrc.microsoft.com/update-guide/r…

Yesterday, a vulnerability in DNS I found was patched: msrc.microsoft.com/update-guide/e…. Thanks to the DNS team for working through this one!

Forget buffaloes, the longest grammatically correct sentence using one repeating word is "sudo sudo sudo sudo sudo sudo sudo sudo sudo"

Congratulations to George Hughey, the CyberPatriot XV Mentor of the Year!

CanSecWest Presentation: Rolling in the Dough: How Microsoft Identified and Remediated a Baker’s Dozen of Security Threats in the Windows DNS Server George Hughey, Microsoft secwest.net

To help protect against NTLM relay attacks, we’ve enabled Extended Protection for Authentication (EPA) by default in Windows Server 2025. This update strengthens key services like Exchange Server, Active Directory Certificate Services (AD CS), and LDAP, making identity compromise

Super excited Rohit Mothe and I will be speaking tomorrow about some of the bugs we found in MapUrlToZone DEF CON!

At DEF CON 33, George Hughey (George Hughey) and Rohit Mothe (Rohit Mothe), Senior Security Research Managers at MSRC, took us back to the 90s with their talk on the ghost of Internet Explorer in Windows: MapUrlToZone. They uncovered how this legacy API, used by Outlook, Office,

At DEF CON, the MSRC team had a great time connecting with the security community and cheering on Microsoft employees, MVRs, and other Microsoft security researchers as they shared their expertise through presentations and hands-on collaboration. #DEFCON #DEFCON33