Hunting Variants: Finding the Bugs Behind the Bug - podcast episode cover

Hunting Variants: Finding the Bugs Behind the Bug

The BlueHat Podcast
Jul 09, 202539 minSeason 1Ep. 57
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

In this episode of The BlueHat Podcast, host Nic Fillingham is joined by George Hughey from Microsoft who returns to discuss his Blue Hat India talk on variant hunting, explaining how MSRC uses submission data from hacking competitions like Pwn2Own and Tianfu Cup to uncover additional security vulnerabilities in Windows. George shares how incentives in competitions differ from bug bounty programs, how tools like CodeQL assist variant hunting, and why collaborating with the security research community is key to improving Windows security. 

 


In This Episode You Will Learn:  

  • How hacking competitions help find real-world Windows vulnerabilities 

  • The role of MSRC in hunting variants beyond submitted vulnerabilities 

  • Why fuzzing is not always effective for modern edge cases 

 

Some Questions We Ask: 

  • How do you decide which cases to pursue for variant hunting? 

  • What advice do you have for researchers submitting variants? 

  • How does the CodeQL team collaborate with your team? 

   

Resources:      

View George Hughey on LinkedIn     

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

 

Related Microsoft Podcasts:   

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

 

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  

For the best experience, listen in Metacast app for iOS or Android