In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Marco Ivaldi, co-founder and technical director of HN Security, a boutique company specializing in offensive security services, shares his journey from hacking as a teenager in the '80s to becoming a key figure in the security research community. With nearly three decades of experience in cybersecurity, Marco digs into the ongoing challenges, particularly in Active Directory and password security, highlighting vulnerabilities that continue to pose significant risks today. He recounts his unexpected path into bug bounty hunting, including his involvement in Microsoft's Zero Day Quest and his passion for auditing real-time operating systems like Azure RTOS.

In This Episode You Will Learn:

• How Marco taught himself BASIC and assembly through cassette tapes and trips to local libraries
• Why mentorship and positive leadership can catapult your cybersecurity career
• When measuring network response times can unintentionally leak valuable info

Some Questions We Ask:

• Do you remember the first time you made code do something unexpected?
• What was your experience like in the Zero Day Quest building for those three days?
• How are you thinking of approaching fuzzing after Zero Day Quest?

Resources:

View Marco Ivaldi on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn

HN SECURITY

Learn More About Marco

Related Microsoft Podcasts:

• Microsoft Threat Intelligence Podcast
• Afternoon Cyber Tea with Ann Johnson
• Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

Hosted on Acast. See acast.com/privacy for more information.

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Dhiral Patel, Senior Security Engineer at ZoomInfo and one of MSRC’s Most Valuable Researchers (MVR). Dhiral shares how a hacked Facebook account sparked his passion for ethical hacking. From web development to penetration testing, Dhiral has become a top bug hunter, landing multiple spots on the MSRC leaderboards. Dhiral reflects on his early MSRC submissions and lessons learned. He also discusses the importance of mastering web security basics, practicing on platforms like TryHackMe and Hack the Box, and staying connected with the bug bounty community.

In This Episode You Will Learn:

• The importance of mastering web security basics before diving into bug bounty hunting
• Why hands-on platforms like TryHackMe and Hack the Box are perfect for beginners
• Dhiral’s journey from blogging to freelancing and security research

Some Questions We Ask:

• How do you balance competition and collaboration in the bug bounty community?
• Can you explain what clickjacking is and if it still works today?
• Why did you start with Power BI, and how did it lead to your journey in security?

Resources:

View Dhiral Patel on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn

Related Microsoft Podcasts:

• Microsoft Threat Intelligence Podcast
• Afternoon Cyber Tea with Ann Johnson
• Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research.

In This Episode You Will Learn:

• Researching vulnerabilities in Power Automate, Power Automate Desktop, and Azure
• The importance of user prompts to prevent unintended application behavior
• Key vulnerabilities Tobias looks for when researching Microsoft products

Some Questions We Ask:

• Have you submitted any AI-related findings to Microsoft or other bug bounty programs?
• How does the lack of visibility into AI models impact the research process?
• Has your approach to security research changed when working with AI versus traditional systems?

Resources:

View Tobias Diehl on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn

Related Microsoft Podcasts:

• Microsoft Threat Intelligence Podcast
• Afternoon Cyber Tea with Ann Johnson
• Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.