From Specs to Security

Dor Dali, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the Blue Hat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities. 
 
 
In This Episode You Will Learn:    
 

The unique perspective Dor has with RDP security research 

How to approach security research when following the protocol specifications 

The importance of clear documentation in preventing security vulnerabilities 

 
 
Some Questions We Ask:     
 

How did you design and build the Capture the Flag event? 

Did you face any unexpected hurdles while researching the RDP protocol's security? 

Have you found other security vulnerabilities by closely adhering to protocol specifications? 

 
 
Resources:  
View Dor Dali on LinkedIn   
View Wendy Zenone on LinkedIn 
View Nic Fillingham on LinkedIn 
 
Related Microsoft Podcasts:  
 


Microsoft Threat Intelligence Podcast  


Afternoon Cyber Tea with Ann Johnson  


Uncovering Hidden Risks  

 
 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Hosted on Acast. See acast.com/privacy for more information.