Episode 56: Is Exchange leaking your creds?

If you follow the productivity space, you have no doubt seen or heard about the Autodiscovering the Great Leak research paper recently published by Amit Serper, a researcher at Guardicore. The paper details more than five months' research into the Autodiscover service used by Exchange. Amit's research was picked up and in many instances misreported by the tech press, which in turn caused a certain degree of panic. We're deeply passionate about and have been for a very long time, so we thought it would be a good idea to sit down with Amit to talk through his research and better understand his findings.

During the episode, Amit talks about the following resources:

Amit Serper is a researcher that spent almost a decade in the Israeli intelligence community where he worked in vulnerability research, exploit development and designed the architectures of uniquely complicated, highly reliable, one-of-a-kind communication systems. During his 9 year tenure in the IDF and Israeli government, he received 4 certificates of excellence and two commendations. During his career he has been on both the red and blue sides, joined an early stage start-up to build EDR products from scratch on various operating systems, conducted low level operating system research, reverse engineered malware, performed countless IR engagements, helped build a global research team and brand, and stopped a few global attacks (NotPetya, BadRabbit, Operation softcell to name a few). Amit is a frequent public speaker at security conferences all over the world and shares his research and knowledge in various blog posts, conferences, and podcasts. You can find Amit on Twitter [@0xAmit](https://twitter.com/0xAmit)

This episode is also available as a video recording:

This Episode is brought to you by Technologies. Choose KEMP to optimize your multi- application deployments and simplify multi-cloud application management. A single pane-of-glass for application delivery, provides a 360 degree view of your entire application environment, and even third-party ADCs. KEMP360 [for today at kemptechnologies.com](https://kempte.ch/2MYXjew)