{"id":107289,"date":"2020-10-06T09:00:16","date_gmt":"2020-10-06T16:00:16","guid":{"rendered":"\/blogs\/?p=107289"},"modified":"2024-07-09T01:34:26","modified_gmt":"2024-07-09T08:34:26","slug":"our-experiences-participating-in-microsofts-azure-sphere-bounty-program","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/","title":{"rendered":"Our Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program"},"content":{"rendered":"

From June to August, part of the McAfee Advanced Threat Research (ATR) team\u00a0<\/span><\/span>participated<\/span><\/span>\u00a0in Microsoft\u2019s Azure Sphere Research Challenge<\/span><\/span>.\u00a0\u00a0<\/span><\/span>Our research resulted in\u00a0<\/span><\/span>report<\/span><\/span>ing<\/span><\/span>\u00a0<\/span><\/span>multiple<\/span><\/span>\u00a0<\/span><\/span>vulnerabilities\u00a0<\/span><\/span>classified by Microsoft as \u201cimportant\u201d or \u201ccritical\u201d<\/span><\/span>\u00a0<\/span><\/span>in the platform that<\/span><\/span>,<\/span><\/span>\u00a0<\/span><\/span>to date<\/span><\/span>,<\/span><\/span>\u00a0have\u00a0<\/span><\/span>qualified for over $<\/span><\/span>160<\/span><\/span>,000 USD in bounty awards<\/span><\/span>\u00a0scheduled to be contributed to\u00a0<\/span><\/span>the\u00a0<\/span><\/span>ACLU<\/span><\/span><\/span><\/a>\u00a0($100,000),<\/span><\/span>\u00a0<\/span><\/span>St. Jude\u2019s Children\u2019s\u00a0<\/span><\/span>Research\u00a0<\/span><\/span>Hospital<\/span><\/span><\/a>\u00a0($50,000) and<\/span><\/span>\u00a0<\/span><\/span>PDX Hackerspace<\/span><\/span><\/span><\/a>\u00a0(<\/span><\/span>approximately\u00a0<\/span><\/span>$<\/span><\/span>2<\/span><\/span>0,000). With these contributions, we hope to support and give back<\/span><\/span>\u00a0<\/span><\/span>both<\/span><\/span>\u00a0<\/span><\/span>to our local hacker community that has really\u00a0<\/span><\/span>stepped up<\/span><\/span><\/span><\/a>\u00a0to help during the COVID crisis,\u00a0<\/span>and\u00a0<\/span><\/span>also<\/span>\u00a0<\/span><\/span>recognize, at a larger scale, the importance to protect and further civil libert<\/span><\/span>ies<\/span><\/span>\u00a0and\u00a0<\/span><\/span>the wellbeing of<\/span><\/span>\u00a0<\/span><\/span>those most in need<\/span><\/span>.<\/span><\/span>\u00a0<\/span><\/span>\u00a0<\/span><\/p>\n

This blog post is a high<\/span><\/span>–<\/span><\/span>level overview of the program, why we choose to take part in it, and a brief description of our findings. A\u00a0<\/span><\/span>detailed\u00a0<\/span><\/span>technical\u00a0<\/span><\/span>walkthrough\u00a0<\/span><\/span>of our findings<\/span><\/span> can be found here<\/a><\/span><\/span><\/span>.\u00a0<\/span>\u00a0<\/span><\/p>\n

Additionally, Microsoft has released two summary blogs detailing the Azure Sphere Bounty Program as a whole, including McAfee\u2019s efforts and findings. They can be found here:<\/p>\n

MSRC Blog<\/a><\/p>\n

Azure Sphere Core Team Blog<\/a><\/p>\n

What is Azure Sphere and the Azure Sphere Research Challenge?<\/span>\u00a0<\/span><\/h2>\n

In l<\/span>ate May Microsoft started a new bug bounty\u00a0<\/span>program<\/span><\/a>\u00a0for\u00a0<\/span>its\u00a0<\/span>Azure Sphere platform. Azure Sphere is a<\/span>\u00a0<\/span>hardened IoT device with a secure communication link to the cloud<\/span>\u00a0that has been in\u00a0<\/span>development<\/span>\u00a0for the last few years and reached general availability\u00a0<\/span>in\u00a0<\/span>early 2020<\/span>. Microsoft<\/span>\u00a0designed and<\/span>\u00a0<\/span>built it from scratch to ensure every aspect of it is as secure as possible<\/span>,\u00a0<\/span>per<\/span>\u00a0<\/span>their\u00a0<\/span>security model<\/span><\/a>.<\/span>\u00a0To put the theory to test,\u00a0<\/span>Microsoft<\/span>\u00a0invited a few select partners and hackers to try their best to defeat its security<\/span>\u00a0measures<\/span>.<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

The Azure sphere team<\/span>\u00a0came up with multiple scenarios that would test the\u00a0<\/span>security model\u00a0<\/span>of the device and qualify for a<\/span>n increased\u00a0<\/span>payout from the\u00a0<\/span>regular Azure Bug Bounty program. The<\/span>se<\/span>\u00a0scenarios range from the ability\u00a0<\/span>to<\/span>\u00a0bypas<\/span>s\u00a0<\/span>certain security measures, to execut<\/span>ing<\/span>\u00a0code in the\u00a0<\/span>hardware enabled\u00a0<\/span>secure core of the device.\u00a0<\/span>\u00a0<\/span><\/p>\n

Research scenarios specific to the Azure Sphere Research Challenge<\/span><\/i>\u00a0<\/span><\/p>\n

Why did ATR get involved with the program?<\/span>\u00a0<\/span><\/h2>\n

There are multiple reasons why we were keen\u00a0<\/span>to<\/span>\u00a0participa<\/span>te<\/span>\u00a0<\/span>in this<\/span>\u00a0program. F<\/span>irs<\/span>t, as security researchers, the Azure Sphere platform is an exciting new research target that has been built from the ground up with security in mind<\/span>.<\/span>\u00a0<\/span>I<\/span>t showcases what might become of the IoT space in the next few years\u00a0<\/span>as\u00a0<\/span>legacy platforms are slowly phased out. Being at the forefront of what is being done in the IoT space ensures our research remain<\/span>s<\/span>\u00a0current and\u00a0<\/span>we are\u00a0<\/span>ready to tackle future new challenges. Second, by\u00a0<\/span>finding critical bugs in this new platform we help make it more secure and offer our support to make the IoT space\u00a0<\/span>increasingly\u00a0<\/span>resistant to cyber<\/span>\u00a0<\/span>threats. Finally,<\/span>\u00a0as this is a bug bounty program, we decided from the start that we would donate any award we receive<\/span>d<\/span>\u00a0to charity, thus using our skills to contribute to the social good of our local communities and support causes that transcend the technology sector.\u00a0\u00a0<\/span>\u00a0<\/span><\/p>\n

Findings<\/span>\u00a0<\/span><\/h2>\n

We\u2019ve reported multiple bugs\u00a0<\/span>to\u00a0<\/span>Microsoft<\/span>\u00a0as a<\/span>\u00a0<\/span>result of our<\/span>\u00a0research<\/span>\u00a0that\u00a0<\/span>were rated Important\u00a0<\/span>or\u00a0<\/span>Critical:<\/span>\u00a0<\/span><\/p>\n

    \n
  • Important \u2013 Security Feature bypass ($3,300): The inclusion of\u00a0<\/span>symlink<\/span>\u00a0in application package allows for referencing files outside of the application package mount point.<\/span>\u00a0<\/span><\/li>\n
  • Critical<\/span>\u00a0\u2013 RCE ($48,000): The inclusion of<\/span>\u00a0<\/span>a\u00a0<\/span>\u201c<\/span>character<\/span>\u00a0<\/span>device<\/span>\u201d<\/span>\u00a0<\/span>in\u00a0<\/span>an\u00a0<\/span>application package allows\u00a0<\/span>for\u00a0<\/span>direct interac<\/span>t<\/span>ion<\/span>\u00a0with a part of the flash memory, eventually leading to the modification of critical system file<\/span>s<\/span>\u00a0and further exploitation.<\/span>\u00a0<\/span><\/li>\n
  • Important \u2013\u00a0<\/span>EoP<\/span>\u00a0($11,000): Multiple bugs in how\u00a0<\/span>uid_map<\/span>\u00a0<\/span>files are processed<\/span>,<\/span>\u00a0allow<\/span>ing for<\/span>\u00a0elevation of privilege to the sys user.\u00a0<\/span>\u00a0<\/span><\/li>\n
  • Important<\/span>\u00a0<\/span>\u2013\u00a0<\/span>Eop<\/span>\u00a0($<\/span>11,000<\/span>)<\/span>: A user with sys privilege<\/span>s<\/span>\u00a0can trick Application Manager into unmounting \u201c<\/span>azcore<\/span>\u201d and mount a rogue binary in its stead. Triggering a core<\/span>\u00a0<\/span>dump of a running process will then execute the rogue binary with full capabilities & root privileges due to improper handling of permission<\/span>s<\/span>\u00a0in the LSM.<\/span>\u00a0<\/span><\/li>\n
  • Critical \u2013\u00a0<\/span>EoP<\/span>\u00a0($48,000): Further\u00a0<\/span>problem<\/span>s<\/span>\u00a0in\u00a0<\/span>the<\/span>\u00a0privilege d<\/span>ropping\u00a0<\/span>of\u00a0<\/span>\u201c<\/span>a<\/span>zcore<\/span>\u201d<\/span>\u00a0leads to the complete bypass of Azure Sphere capabilit<\/span>y restrictions<\/span>\u00a0<\/span><\/li>\n
  • Critical \u2013\u00a0<\/span>EoP<\/span>\u00a0($48,000): Due to improper certificate management, it is possible to re-claim a device on the Azure Sphere pre-prod server and obtain a valid capability file that works in\u00a0<\/span>the\u00a0<\/span>prod environment. This capability file can be used to re-enable application development mode on a finalized device (claimed by a third party). The deployment of the capability file requires physical access to a device.\u00a0<\/span>\u00a0<\/span><\/li>\n<\/ul>\n

    Conclusion<\/span>\u00a0<\/span><\/h2>\n

    This research was\u00a0<\/span>an exciting<\/span>\u00a0opportunity to look at\u00a0<\/span>a\u00a0<\/span>new platform with\u00a0<\/span>very little prior research<\/span>, while still being in the familiar territory of an ARM device running<\/span>\u00a0<\/span>a<\/span>\u00a0hardened Linux<\/span>\u00a0<\/span>operating-system<\/span>.\u00a0<\/span>\u00a0<\/span><\/p>\n

    Through the bugs we found we were able to get a full chain exploit from a locked device to having root access. However, the Azure Sphere platform has many more security features such as remote attestation, and a\u00a0<\/span>hardware enabled\u00a0<\/span>secure core that is still holding strong.\u00a0<\/span>\u00a0<\/span><\/p>\n

    Finally, we want to thank Microsoft for the opportunity of participating in this exciting program, and the bounty awards<\/span>.\u00a0<\/span>\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

    From June to August, part of the McAfee Advanced Threat Research (ATR) team\u00a0participated\u00a0in Microsoft\u2019s Azure Sphere Research Challenge.\u00a0\u00a0Our research resulted…<\/p>\n","protected":false},"author":1060,"featured_media":97221,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[5656],"class_list":["post-107289","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"\nOur Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program | McAfee Blog<\/title>\n<meta name=\"description\" content=\"From June to August, part of the McAfee Advanced Threat Research (ATR) team\u00a0participated\u00a0in Microsoft\u2019s Azure Sphere Research Challenge.\u00a0\u00a0Our research\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Our Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"From June to August, part of the McAfee Advanced Threat Research (ATR) team\u00a0participated\u00a0in Microsoft\u2019s Azure Sphere Research Challenge.\u00a0\u00a0Our research\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-06T16:00:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-09T08:34:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/10\/shutterstock_669170779.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"563\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Philippe Laulheret\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@phLaul\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Philippe Laulheret\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/\"},\"author\":{\"name\":\"Philippe Laulheret\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/32483b890b93f8eacf1e27b80061a74b\"},\"headline\":\"Our Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program\",\"datePublished\":\"2020-10-06T16:00:16+00:00\",\"dateModified\":\"2024-07-09T08:34:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/\"},\"wordCount\":887,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/10\/shutterstock_669170779.jpg\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/\",\"name\":\"Our Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/10\/shutterstock_669170779.jpg\",\"datePublished\":\"2020-10-06T16:00:16+00:00\",\"dateModified\":\"2024-07-09T08:34:26+00:00\",\"description\":\"From June to August, part of the McAfee Advanced Threat Research (ATR) team\u00a0participated\u00a0in Microsoft\u2019s Azure Sphere Research Challenge.\u00a0\u00a0Our research\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/10\/shutterstock_669170779.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/10\/shutterstock_669170779.jpg\",\"width\":1000,\"height\":563},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Our Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/32483b890b93f8eacf1e27b80061a74b\",\"name\":\"Philippe Laulheret\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/c93a756c8117e30e3260cb47b0d14d3f\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/01\/pl-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/01\/pl-96x96.png\",\"caption\":\"Philippe Laulheret\"},\"description\":\"Philippe Laulheret is a Senior Security Researcher on the McAfee Enterprise's Advanced Threat Research team. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex system and get them behave in interesting ways. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding. Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Sup\u00e9lec (France).\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/philippe-laulheret-094a5315\",\"https:\/\/x.com\/phLaul\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/philippe-laulheret\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Our Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program | McAfee Blog","description":"From June to August, part of the McAfee Advanced Threat Research (ATR) team\u00a0participated\u00a0in Microsoft\u2019s Azure Sphere Research Challenge.\u00a0\u00a0Our research","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Our Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program | McAfee Blog","og_description":"From June to August, part of the McAfee Advanced Threat Research (ATR) team\u00a0participated\u00a0in Microsoft\u2019s Azure Sphere Research Challenge.\u00a0\u00a0Our research","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2020-10-06T16:00:16+00:00","article_modified_time":"2024-07-09T08:34:26+00:00","og_image":[{"width":1000,"height":563,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/10\/shutterstock_669170779.jpg","type":"image\/jpeg"}],"author":"Philippe Laulheret","twitter_card":"summary_large_image","twitter_creator":"@phLaul","twitter_site":"@McAfee","twitter_misc":{"Written by":"Philippe Laulheret","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/"},"author":{"name":"Philippe Laulheret","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/32483b890b93f8eacf1e27b80061a74b"},"headline":"Our Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program","datePublished":"2020-10-06T16:00:16+00:00","dateModified":"2024-07-09T08:34:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/"},"wordCount":887,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/10\/shutterstock_669170779.jpg","articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/","name":"Our Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/10\/shutterstock_669170779.jpg","datePublished":"2020-10-06T16:00:16+00:00","dateModified":"2024-07-09T08:34:26+00:00","description":"From June to August, part of the McAfee Advanced Threat Research (ATR) team\u00a0participated\u00a0in Microsoft\u2019s Azure Sphere Research Challenge.\u00a0\u00a0Our research","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/10\/shutterstock_669170779.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/10\/shutterstock_669170779.jpg","width":1000,"height":563},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/our-experiences-participating-in-microsofts-azure-sphere-bounty-program\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Our Experiences Participating in Microsoft\u2019s Azure Sphere Bounty Program"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/32483b890b93f8eacf1e27b80061a74b","name":"Philippe Laulheret","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/c93a756c8117e30e3260cb47b0d14d3f","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/01\/pl-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/01\/pl-96x96.png","caption":"Philippe Laulheret"},"description":"Philippe Laulheret is a Senior Security Researcher on the McAfee Enterprise's Advanced Threat Research team. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex system and get them behave in interesting ways. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding. Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Sup\u00e9lec (France).","sameAs":["https:\/\/www.linkedin.com\/in\/philippe-laulheret-094a5315","https:\/\/x.com\/phLaul"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/philippe-laulheret\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/107289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/1060"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=107289"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/107289\/revisions"}],"predecessor-version":[{"id":196238,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/107289\/revisions\/196238"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/97221"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=107289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=107289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=107289"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=107289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}