Bypassing Windows Defender Application Control (WDAC) might sound like something reserved for blockbuster spy movies, but in today’s threat landscape, it’s a real, high-stakes game played by red teams and security researchers alike. At the heart of this article is the in-depth exploration of...
Microsoft’s Request for a Video POC: A Rigid Process Under Scrutiny
A recent incident has spotlighted a curious practice at the Microsoft Security Response Center (MSRC) that may be prompting questions about the balance between thoroughness and red tape in vulnerability disclosure. Senior...
The Microsoft Security Response Center (MSRC) is pleased to announce the launch of the Link Removed program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities in...
Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat...
For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence.
It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...
This is the first of a series of blog entries to give some insight into the Microsoft Security Response Center (MSRC) business and how we work with security researchers and vulnerability reports.
The Microsoft Security Response Center actively recognizes those security researchers who help us...
Today’s security updates include three updates that exemplify how the security ecosystem can come together to help protect consumers and enterprises. We would like to thank FireEye and ESET for working with us.
Customers that have the latest security updates installed are protected against the...
I’m very happy to announce another addition to the Link Removed. Microsoft will be hosting a bounty for Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview builds.
This bounty continues our partnership with the security research community in working to secure our...
I am very pleased to be releasing additional expansions of the Link Removed. Please stop by the Microsoft Networking Lounge at Black Hat, August 5-6, to learn more about these programs; or, visit Link Removed. We are raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD. I am...
By way of introduction, I am Chris Betz, the leader of the Microsoft Security Response Center (MSRC). I’m stepping in to fill the shoes of Mike Reavey, who has moved on to become the General Manager of Secure Operations, still within Trustworthy Computing.
Since joining the MSRC, I’ve spent...
Protecting the general computing ecosystem is a really tough job, and given some of the media headlines, it’s easy to get discouraged and wallow in the problems. It seems like we’re constantly bombarded with statistics measuring the number of bugs, vulnerabilities, or attacks in an...
Hi everyone. Mike Reavey from the MSRC here. Today we're releasing our Link Removed due to 404 Error for the December 2010 security bulletin release. As we do every month, we've given information about the coming December release and provided links to detailed information so you can plan your...
05.26.2009 - L0phtCrack 6 Released: The code and L0phtCrack name have taken a long strange trip from proof of concept code for a vulnerability in 1997 to a commercial application funding the L0pht's security research to being sold as a product by the security consulting company @stake and then...