Guy Arazi on the Art and Science of Variant Hunting

Guy Arazi, a UK-based security expert at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Guy discusses his journey in security, which began in 2018 when he joined Microsoft, and his current role focusing on online services vulnerabilities within the MSRC (Microsoft Security Response Center). They delve into the concept of variant hunting, a critical process in identifying and mitigating repeated patterns of security vulnerabilities across multiple products and services. Guy explains that while static analysis tools are useful, they often require more complex, tailored approaches to detect these recurring issues. He emphasizes the importance of understanding the root cause of vulnerabilities and using both human insight and automated tools to address them across the vast codebase of Microsoft's offerings. 

In This Episode You Will Learn:     

• The challenges of variant hunting and its significant impact on improving overall security 
• Growing complexity of variant hunting and the necessity of thorough documentation 
• What is important to consider when approaching a security vulnerability 

Some Questions We Ask:      

• Are there industry tools or publicly available resources you recommend for variant hunting? 
• How can you identify the security boundary a vulnerability affects? 
• Is variant hunting something only humans can do, or can tools and automation help? 

Resources:  

View Guy Arazi on LinkedIn     

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

Related Microsoft Podcasts:   

• Microsoft Threat Intelligence Podcast  
• Afternoon Cyber Tea with Ann Johnson  
• Uncovering Hidden Risks  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.