Bio

I work for Microsoft as a member of the Microsoft Security Response Center (MSRC) Vulnerabilities & Mitigations team. I have an established track record of delivering high value security mitigations, driving cross company initiatives, and helping developers write safer code. I'm currently focused on driving cross-company efforts to make Hyper-V, Azure, and Windows as secure as possible. I coordinate and participate in the following activities: 1. Engineering mitigations to eliminate classes of vulnerabilities 2. Engineering exploit mitigations and other features to make the platform harder to compromise 3. Defining security strategy for Microsoft's virtualization stack 4. Penetration testing and design review of Hyper-V code in the Hypervisor, Kernel, and Usermode Prior to my focus on Hyper-V, I spent my time: 1. Building exploit mitigations (kernel ASLR, work on Control Flow Guard, sandbox symlink restrictions, etc.) 2. Root causing security vulnerabilities in Microsoft products, determining exploitability, performing variant investigations (targeted penetration tests), and code reviewing fixes. Prior to my role on MSRC, I worked for Microsoft as a Software Security Engineer as a member of the Office365 red team. I conducted full stack penetration testing with as broad of a scope as possible against Office 365 data centers. I tested both infrastructure and software; if it was used by Office365 I would attack it. I have presented at several conferences. Notably, I presented at Blackhat 2018 on Hyper-V architecture and vulnerabilities, OffensiveCon 2017 on the evolution of control flow integrity, and Defcon 21 and Blackhat Arsenal 2013 on attacking Windows domains with PowerShell. I write tools which can be found at: https://github.com/clymb3r/ A blog at: http://clymb3r.wordpress.com/ Twitter: @JosephBialek Specialties: Virtualization, Penetration Testing, Red Team, C, C++, C#, PowerShell, Windows Development