The BlueHat Podcast cover art

The BlueHat Podcast

The BlueHat Podcast

By: Microsoft
Listen for free

About this listen

 Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all.©2025 Microsoft
Episodes
  • Hunting Variants: Finding the Bugs Behind the Bug

    Hunting Variants: Finding the Bugs Behind the Bug
    Jul 9 2025
    In this episode of The BlueHat Podcast, host Nic Fillingham is joined by George Hughey from Microsoft who returns to discuss his Blue Hat India talk on variant hunting, explaining how MSRC uses submission data from hacking competitions like Pwn2Own and Tianfu Cup to uncover additional security vulnerabilities in Windows. George shares how incentives in competitions differ from bug bounty programs, how tools like CodeQL assist variant hunting, and why collaborating with the security research community is key to improving Windows security. In This Episode You Will Learn: How hacking competitions help find real-world Windows vulnerabilities The role of MSRC in hunting variants beyond submitted vulnerabilities Why fuzzing is not always effective for modern edge cases Some Questions We Ask: How do you decide which cases to pursue for variant hunting? What advice do you have for researchers submitting variants? How does the CodeQL team collaborate with your team? Resources: View George Hughey on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
    Show More Show Less
    39 mins
  • Securing Redirections with Mike Macelletti

    Securing Redirections with Mike Macelletti
    Jun 25 2025
    In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Mike Macelletti from Microsoft’s MSRC Vulnerabilities and Mitigations team to explore Redirection Guard, a powerful mitigation designed to tackle a long-standing class of file path redirection vulnerabilities in Windows. Mike shares how his interest in security began, the journey behind developing Redirection Guard, and how it's helping reduce a once-common bug class across Microsoft products. He also explains how the feature works, why it's impactful, and what developers can do to adopt it. Plus, a few fun detours into Solitaire hacking, skiing, and protein powder. In This Episode You Will Learn: What Redirection Guard is and how it helps prevent file system vulnerabilities How Microsoft identifies and addresses common bug classes across their ecosystem Why some vulnerabilities still slip past Redirection Guard and what’s out of scope Some Questions We Ask: What is a junction and how is it different from other redirects? How does Redirection Guard decide which shortcuts to block? Are there vulnerabilities Redirection Guard doesn’t cover? Resources: View Mike Macelletti on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
    Show More Show Less
    42 mins
  • Ignore Ram Shankar Siva Kumar’s Previous Directions

    Ignore Ram Shankar Siva Kumar’s Previous Directions
    Jun 11 2025
    In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share Ram Shankar Siva Kumar’s dynamic keynote from BlueHat India 2025, where he explores the evolving threat landscape of AI through the lens of the Microsoft AI Red Team. From adversarial machine learning to psychosocial harms and persuasive AI, Ram highlights real-world case studies, including prompt injection, content safety violations, and memory poisoning in AI agents. Ram underscores the urgent need for robust red teaming practices to secure AI systems against traditional security flaws and emerging threats across images, text, audio, and autonomous agents. In This Episode You Will Learn: Why old-school security flaws still break modern AI systems Real-world AI red teaming in action, from scams to memory hacks How small input tweaks can fool AI across images, audio, and text Some Questions We Ask: Can attackers fool AI using just slight image changes? Are generative AI systems vulnerable to prompt manipulation? Do you need to be an expert to break an AI model? Resources: Watch Ram’s BlueHat India 2025 Keynote: BlueHat India 2025 Day 2 Keynote - Ram Shankar Siva Kumar Listen to Ram’s Previous Appearance on The BlueHat Podcast: Not with a Bug but with a Sticker View Ram Shankar Siva Kumar on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
    Show More Show Less
    40 mins

What listeners say about The BlueHat Podcast

Average Customer Ratings

Reviews - Please select the tabs below to change the source of reviews.

Audible.com.au reviews

Amazon Reviews
No Reviews are Available
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.