Jan 15, 2025
AI at the Edge: Attacks and Defense
BlueHat India 2025 Day 1 Keynote covering AI security at the edge, including attack vectors and defensive strategies.
Research & Presentations
Keynotes, conference sessions, and research talks. Links go to slide decks hosted on GitHub.
Oct 11, 2024
CISA CSAC Technical Advisory Council: Open Source Security Recommendations
Recommendations on improving security in critical open source projects and advancing CISA's secure by design initiative, addressing unique challenges in open source software ecosystems.
Oct 03, 2024
A sneak peek into Microsoft's Windows 2030 vision
A sneak peek into what's next for Windows and how AI is shaping the future of the OS.
Jun 15, 2024
Attacking Intelligence: Attacking and Defending AI on The Edge
Keynote on AI security challenges at the edge, covering both offensive and defensive perspectives on edge AI systems.
Dec 05, 2023
CISA CSAC Technical Advisory Council: Memory Safety Recommendations
Comprehensive recommendations on advancing memory-safe system languages (MSSL) in federal procurement and cybersecurity practices, including Microsoft's $10M commitment to Rust tooling development.
Nov 16, 2023
ISRG Tectonics Keynote
Keynote for ISRG Tectonics on building trustworthy platforms and the next phase of internet defense.
Oct 15, 2023
Stronger Together: Celebrating the Research Community
BlueHat 2023 panel discussion celebrating the security research community and collaborative defense efforts.
Oct 15, 2023
BlueHat 2023 Keynote
BlueHat 2023 keynote address on platform security and the evolving threat landscape.
Sep 13, 2023
CISA CSAC Technical Advisory Council Recommendations
Technical Advisory Council recommendations to CISA on threat intelligence, cybersecurity policy, and national security initiatives.
Feb 01, 2023
Windows 11 Security by Default
BlueHat IL 2023 session on the secure-by-default work in Windows 11, from hardware baselines to isolation.
Oct 05, 2021
Windows 11 Security — Our Hacker-in-Chief Runs Attacks and Shows Solutions
Demonstration of real attacks against Windows 11 and the built-in security solutions that defend against them.
Feb 13, 2020
Keeping Windows Secure
BlueHat IL 2020 talk on keeping Windows secure.
Jan 01, 2020
Zer0ing Trust: Do Zero Trust Approaches Deliver Real Security?
A candid look at zero trust claims—what delivers, what doesn’t, and how to measure real risk reduction.
Oct 01, 2019
Advancing Windows Security
Platform Security Summit 2019 talk on Windows' current and future security strategy.
Oct 01, 2019
Factful Security
BlueHat Seattle 2019 session on grounding security strategy in measurable attacker outcomes.
May 01, 2019
Advancing Windows Security
BlueHat Shanghai keynote on elevating Windows platform defenses and the roadmap for attack surface reduction.
Feb 01, 2019
Keeping Windows Secure
BlueHat IL 2019 talk covering exploit mitigation progress and the path to safer defaults on Windows.
Sep 24, 2018
Real Life Hacks for Windows and Office... and How to Stop Them
Microsoft Ignite session covering real-world attack techniques targeting Windows and Office, and practical defensive measures.
Nov 01, 2017
Securing Windows Defender Application Guard
BlueHat v17 presentation on Windows Defender Application Guard security architecture and implementation.
Mar 16, 2017
Microsoft's strategy and technology improvements toward mitigating arbitrary native code execution
CanSecWest 2017 talk on layered mitigations to reduce native code execution risk, presented by David Weston.
Aug 04, 2016
Windows 10 mitigation improvements
Black Hat USA 2016 session detailing new exploit mitigation features in Windows 10, presented by David Weston.
Mar 10, 2011
Targeted taint driven fuzzing using software metrics
CanSecWest 2011 talk on guiding fuzzing with code metrics to prioritize high-risk areas, co-presented with Dustin Duran and David Weston.
Aug 08, 2008
RE:Trace – Applied Reverse Engineering on OS X
RE:Trace – Applied Reverse Engineering on OS X presentation co-authored with Beauchamp at Defcon 16, including slides and whitepaper.
Aug 06, 2008
RE:Trace - Applied Reverse Engineering on OS X
Black Hat USA 2008 session on applied reverse engineering techniques for OS X, co-presented with Tiller Beauchamp.
Media & Podcasts
Security Conversations - Nov 01, 2024
Microsoft's David Weston on the surge in firmware attacks
Listen / WatchLessons from the School of Security Hard Knocks - Aug 21, 2024
"Builders and Breakers" interview
Listen / WatchNew York Times - Jul 22, 2024
Congress Calls for Tech Outage Hearing to Grill CrowdStrike C.E.O.
Listen / WatchMicrosoft BlueHat Podcast - May 17, 2023
BlueHat Podcast: Security research and Windows OS security
Listen / Watchpod.co - Jan 18, 2023
David Weston: Builders and Breakers - Lessons from the School of Security Hard Knocks
Listen / WatchBusiness Insider - Apr 07, 2022
How an Xbox anti-cheating chip became Microsoft's new secret weapon to fight increasing cyberattacks on remote workers — and grow its $15 billion security business
Listen / WatchMicrosoft Security - Oct 06, 2021
Understanding Windows 11 new security requirements with David Weston
Listen / WatchBusiness Insider - Jun 03, 2021