Microsoft Security Response Center

Many thanks to all our incredible #BlueHatIndia speakers. In addition to the keynotes we previously highlighted, we want to acknowledge the following speakers for their incredible presentations: John Sherchan, Red Team Security Researcher at CyberWarFare Labs , presented "Assembly.Load: Writing One Byte to Evade AMSI Scan." He discussed bypass techniques and implementation. Vishal Mishra, Senior Security Engineer, Microsoft, presented "The Dusky Shark: TDS Downgrade," covering TDS protocol, exploits, mitigations, and CVE-2024-0056. Dinesh Prakash, Senior Technical Manager at Comcast, presented “xGitGuard: The Sentinels of Secrecy,” discussing xGitGuard and other open-source projects from Comcast SPIDER. Omkar Gudhate, Senior Threat Analyst, Microsoft, and Abhishek Pustakala, Security Researcher II, Microsoft, presented "Scam 2023: The Story Behind How Cybercriminals Are Targeting Indian Android Users," focusing on MITRE ATT&CK TTPs and MDE mitigation. Preksha Saxena and Yashvi Shah, Security Researchers at McAfee, presented “Phishing Landscape Evolution: Unveiling Layers of Email-Initiated Malware Delivery,” discussing phishing email tactics and vulnerabilities. Dmitrijs Trizna, Senior Security Researcher at Microsoft, gave a talk titled: “The Impact of Backdoor Poisoning Vulnerabilities on AI-Based Threat Detectors,” covering AI-based defenses and attacks on AI models. Tarun Gudipati and Ritik Bavdekar, Software Engineers at Microsoft presented “Unveiling Quantum Horizons: Decrypting the Future of Cryptography,” covering present-day cryptography, quantum computing challenges, and Crystals Kyber. Venkatachalabathy SR, Senior Security Research Lead, Microsoft, and Shaleen Dev P.K., Security Researcher II, Microsoft, presented "Adversaries Abuse OAuth Applications with Diverse TTPs to Automate Attacks," focusing on OAuth phishing campaigns and TTPs. Dhruva Goyal, Founder & CEO at BugBase, and Sitaraman S., Founder & CIO at BugBase, presented "Pentest Copilot: Redefining Penetration Testing with LLMs," discussing LLM-based penetration testing and AI safety. Rajesh Kumar Natarajan, Senior Security Researcher, Microsoft, presented “CryptoCurrency Harvest: Unraveling the Progression of Linux Coinminers and Strategic MITRE ATT&CK Alignments," covering cryptomining attacks and detection tactics. Shreya Pohekar Agrawal, Product Security Analyst at HackerOne, presented “Wolf in Sheep’s Code: The Lesser-Known Business Logic Flaws,” discussing business logic bugs and mitigation. Kirtikumar Anandrao Ramchandani, Independent Security Researcher, presented "Hacking WebViews for Fun and Profit," discussing intent-based and Tel URL-based vulnerabilities. Jacob T., Head of Labs at ThinkstCanary, presented “Tracking Illicit Phishermen in the Deep Blue Azure,” discussing deception engineering and a new Canarytoken for Azure phishing detection.

At #BlueHatIndia Day 2, Rajiv Kumar, CVP and Managing Director of Microsoft India, delivered a keynote on the critical importance of security in today's world. Rajiv highlighted the increasing aggression of cyberattacks and the dual advantage AI offers both defenders and attackers. Emphasizing our role as first responders, he reminded us that we are all in this together to protect those at risk. Rajiv discussed the Microsoft Secure Future Initiative, focusing on Secure by Design, Secure by Default, and Secure Operations. He outlined its six pillars: • Protect identities and secrets • Protect tenants and isolate production systems • Protect networks • Protect engineering systems • Monitor and detect threats • Accelerate response and remediation He also addressed the talent gap in cybersecurity, noting that 1 in 3 security jobs remain unfilled and encouraging the audience to pursue careers in security. Rajiv detailed how Microsoft leverages 78 trillion signals and AI to learn, protect, defend, and disrupt cyber threats. Additionally, he stressed the need for a global, transparent approach to AI governance.

Roshni Chattopadhyay, Partner Director, Microsoft Security, opened Day 2 of #BlueHatIndia by sharing the power of partnerships and AI. She emphasized that we need your partnership, dedication, and your feedback to protect people – we can’t do it alone. She also discussed that AI is a powerful tool that can tilt the balance in favor in defenders by collecting, analyzing, and processing massive amounts of data. Thanks to all who made the first BlueHat India event a success!

Good morning, #BlueHatIndia! Welcome to Day 2! Get set for more incredible talks, networking, learning, and villages. We start in just a few moments with opening remarks from Roshni Chattopadhyay, Partner Director, Microsoft Security, followed by our Day 2 keynote from Rajiv Kumar, CVP and Managing Director, IDC, Microsoft.

We hope everyone enjoyed #BlueHatIndia Day 1! We're thankful to our incredible speakers, BlueHat India organizers, volunteers, Microsoft MVRs, and all our attendees. What was your highlight of the day? We’re excited to see you for Day 2, packed with more amazing talks, networking, and learning opportunities.

John Lambert, CVP and Security Fellow, Microsoft Threat Intelligence, Microsoft, presented the #BlueHatIndia Day 1 Keynote this morning: Defending with the Graph of Graphs. During his keynote, John discussed how to model and build an attack graph, how the graph of graphs facilitates collaboration across disciplines, and innovating with the graph with AI.

Tom Gallagher, VP Engineering, MSRC, Microsoft kicked off #BlueHatIndia this morning. Tom emphasized 3 things during his opening remarks: ✅Community: In-person collaboration is incredibly important. Talk to people about what they're working and brainstorm together. ✅Curiosity: At MSRC, we receive all the vulnerability reports submitted to Microsoft. People present new ideas at conferences and start to experiment and apply those ideas and find vulnerabilities. ✅Learning: We see people apply their curiosity and use their learnings to find new vulnerabilities based on what others have presented. If you find a vulnerability in Microsoft, please submit a report to us: https://lnkd.in/d9-McrX2

Good morning, Hyderabad! We're excited to welcome everyone to #BlueHatIndia! Registration is now open. Join us for two days filled with learning, sharing, networking, and fun. Remember to tweet or post on LinkedIn, tag our account, and use #BlueHatIndia. You might just win a special prize!

We hosted a pre-BlueHat India welcome reception this evening, providing a great opportunity for our speakers, MSRC MVRs, and Microsoft team members to connect. We are thankful to our speakers and MVRs for their role in making #BlueHatIndia a success.

Tom Gallagher, VP Engineering MSRC, Microsoft, will be providing opening remarks at on Day 1 of BlueHat India. We can't wait to welcome the security community to #BlueHatIndia tomorrow morning. 🙌