Thank you to everyone who joined us for the MSRC Researcher Celebration at Black Hat Europe. It was wonderful to spend an evening with so many members of the security research community sharing conversations, ideas, and a lot of fun. We’re grateful for the partnerships and relationships that drive this community forward. Here’s to the work we do together and the future we’re building. #BHEU

I miss the days of "ifconfig" and "eth0", but I've come to accept that Linux environments are constantly changing. This is why it is essential to keep notes on command syntax and related topics; even a couple of Google Docs can be really helpful!

At @defcon 33, George Hughey (@ecthr0s) and Rohit Mothe (@rohitwas), Senior Security Research Managers at MSRC, took us back to the 90s with their talk on the ghost of Internet Explorer in Windows: MapUrlToZone. They uncovered how this legacy API, used by Outlook, Office, Windows Shell, and sandboxes to make security decisions, was vulnerable to manipulation. Their deep dive revealed a dozen CVEs and led to systemic mitigations across Microsoft platforms. Learn how MSRC’s technical investigations drive proactive protection for customers and why legacy code still matters in the slides available here: msft.it/6013su8Ef #DEFCON #DEFCON33

Thank you to everyone who joined us at the MSRC Researcher Celebration during #BHUSA last night. It was incredible to see so many members of the security community come together to share stories and build connections. Special shoutout to our 2025 MSRC MVRs for being part of this amazing event. Here’s to the friendships, the collaborations, and the future we’re shaping together. #MSFTBlackHat

Day 1 of the Zero Day Quest Onsite Hacking Event is in the books and we’ve kicked off Day 2. We welcomed top security researchers from around the world to Microsoft’s Redmond campus for a day of live hacking, collaboration, and connection. Researchers worked side-by-side with Microsoft engineers and product teams to identify vulnerabilities across our AI and cloud platforms. Lots of amazing reports and discussions flowed throughout the day—with MSRC, product teams, and the researchers themselves all driving security forward together. After headshots and hacking, we wrapped the day with a Mariners vs. Tigers game in Seattle (tough loss, but the vibes were strong!). We’re incredibly grateful to the security researcher community. Your work makes a real impact in helping protect customers. #ZeroDayQuest

Cameron Vincent @SecretlyHidden1, Security Researcher at Microsoft, gave a talk about IDOR vulnerabilities to a packed room at @nullcon #Goa. Cameron discussed how broken access control has been the top problem across the ecosystem for a while. Camerons research into IDOR vulnerabilities was manual, without extensions or automation, although he recommends using Burp Suite, which = the golden tool. #NullconGoa2025 #Nullcon

This is one of the wildest git diffs I've ever seen

The MSRC team is excited to be at @nullcon #Goa! Come find us to chat about our bug bounty programs, @MSFTBlueHat India, job opportunities, and more. #NullconGoa2025 #nullcon

huh? Is the response supposed to only include private code?

Verifying myself: I am ndrix on Keybase.io. yr9_VIDIPljkPhwlcnkC5xerQbENgrPgjIaQ / keybase.io/ndrix/sigs/yr9_VI…

I don't rant much about businesses, but @bookingcom is a pretty crappy experience. Booking.nope from now on.

Does anyone else find this to be very cool?

* Alternative URL structuring This is a BIG one. You must know how the URL is formatted. Biggest wins normally come from using the @ symbol, backslashes where unexpected, and smuggling stuff in after the : in the ports section.

I work with some pretty funny peeps.

Pic of the Day #infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec

Love it when my team looks out for me. :) #TeamWork

Join us tomorrow 9am PST (UTC-8) to explore SSRF security research in Azure with @ndrix and @eckert_madeline! Register here: msft.it/6017kCBT9

Open call for SSRF enthusiasts! We’re excited to announce the launch of our three-month Azure SSRF Security Research Challenge with awards up to $60,000 USD! Ready, set, go! More information can be found on our blog: msrc-blog.microsoft.com/2021…

Azure SSRF challenge launched! - microsoft.com/en-us/msrc/azu… #bugbounty

We cannot just turn up the AC, we have to turn up our efforts to fight the threat that is now intruding on our lives - climate change.