From Specs to Security

<p><a href="https://www.linkedin.com/in/dordali/" rel="noopener noreferrer" target="_blank">Dor Dali</a>, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the Blue Hat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities. </p><p> </p><p> </p><p><strong>In This Episode You Will Learn</strong>:    </p><p> </p><ul><li>The unique perspective Dor has with RDP security research </li><li>How to approach security research when following the protocol specifications </li><li>The importance of clear documentation in preventing security vulnerabilities </li></ul><p> </p><p> </p><p><strong>Some Questions We Ask: </strong>    </p><p> </p><ul><li>How did you design and build the Capture the Flag event? </li><li>Did you face any unexpected hurdles while researching the RDP protocol's security? </li><li>Have you found other security vulnerabilities by closely adhering to protocol specifications? </li></ul><p> </p><p> </p><p><strong>Resources:</strong>  </p><p><a href="https://www.linkedin.com/in/dordali/" rel="noopener noreferrer" target="_blank">View Dor Dali on LinkedIn</a>   </p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a> </p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a> </p><p> </p><p><strong>Related Microsoft Podcasts:</strong>  </p><p> </p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>  </li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>  </li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>  </li></ul><p> </p><p> </p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>  </p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p>

The BlueHat Podcast · Microsoft