From Specs to Security

Dor Dali, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the Blue Hat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities.      In This Episode You Will Learn:       The unique perspective Dor has with RDP security research  How to approach security research when following the protocol specifications  The importance of clear documentation in preventing security vulnerabilities      Some Questions We Ask:        How did you design and build the Capture the Flag event?  Did you face any unexpected hurdles while researching the RDP protocol's security?  Have you found other security vulnerabilities by closely adhering to protocol specifications?      Resources:   View Dor Dali on LinkedIn    View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information.