Last updated at Wed, 16 Feb 2022 20:00:01 GMT
In this episode of Security Nation, Jen and Tod chat with Amit Serper, Director of Security Research at Akamai, on his work uncovering a flaw in the Autodiscover protocol within Microsoft Exchange that can leak domain credentials outside an organization. Amit details some of the techniques he and his team used during the discovery – and the five months of research that followed to validate and document their findings, including the social media aftermath of the disclosure.
Stick around for our Rapid Rundown, where Tod and Jen talk about the improvements in vulnerability disclosure time as revealed by the latest report from Google’s Project Zero.
Amit Serper is the Director of Security Research at Akamai Technologies’ Enterprise Security group. He specializes in low-level, vulnerability, and kernel research, malware analysis, and reverse engineering on Windows, Linux, and macOS. Amit’s career in security spans over 15 years, in which he worked at an Israeli government intelligence agency conducting cutting edge research and, later, at security startups Cybereason and Guardicore, where he led complex research projects and thwarted a few global attacks (such as NotPetya, BadRabbit, and Operation Softcell). Amit has been active in the security community for a few years now, speaking at conferences and releasing various research papers and blogs.
Rapid Rundown links
- Read up on the vulnerability disclosure metrics from Google’s Project Zero.
Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.