Guy Arazi on the Art and Science of Variant Hunting

Guy Arazi, a UK-based security expert at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Guy discusses his journey in security, which began in 2018 when he joined Microsoft, and his current role focusing on online services vulnerabilities within the MSRC (Microsoft Security Response Center). They delve into the concept of variant hunting, a critical process in identifying and mitigating repeated patterns of security vulnerabilities across multiple products and services. Guy explains that while static analysis tools are useful, they often require more complex, tailored approaches to detect these recurring issues. He emphasizes the importance of understanding the root cause of vulnerabilities and using both human insight and automated tools to address them across the vast codebase of Microsoft's offerings.    In This Episode You Will Learn:      The challenges of variant hunting and its significant impact on improving overall security  Growing complexity of variant hunting and the necessity of thorough documentation  What is important to consider when approaching a security vulnerability    Some Questions We Ask:       Are there industry tools or publicly available resources you recommend for variant hunting?  How can you identify the security boundary a vulnerability affects?  Is variant hunting something only humans can do, or can tools and automation help?    Resources:   View Guy Arazi on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts     The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.