Jason Geffner

@[email protected]
532 Followers
202 Following
185 Posts
Principal Security Architect at Microsoft. Formerly at Google, Amazon, CrowdStrike.
GitHubhttps://github.com/geffner
Jason GeffnerDec 15, 2023

I recently discovered a new CVSS 10.0 vulnerability in Perforce Helix Core Server that allows for unauthenticated remote code execution (RCE) as LocalSystem. Read all about it and three new CVSS 7.5 vulnerabilities in my blog post below.

https://www.microsoft.com/en-us/security/blog/2023/12/15/patching-perforce-perforations-critical-rce-vulnerability-discovered-in-perforce-helix-core-server/

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server | Microsoft Security Blog

Four new unauthenticated remotely exploitable security vulnerabilities discovered in the popular source code management platform Perforce Helix Core Server have been remediated after being responsibly disclosed by Microsoft. Perforce Server customers are strongly urged to update to version 2023.1/2513900.

Microsoft Security Blog
Show threadJason GeffnerFeb 12, 2023
For comparison, here's The Super Bowl Shuffle: https://www.youtube.com/watch?v=ooT_uz--O2A
Chicago Bears Shufflin' Crew - The Super Bowl Shuffle 1985

YouTube
Jason GeffnerFeb 12, 2023

Many of you know of The Chicago Bears' "The Super Bowl Shuffle" from 1985, but only the greatest know of The Super Broker Shuffle.

https://www.youtube.com/watch?v=NVSVDO6QY7k

Super Broker Shuffle

YouTube
Show threadJason GeffnerFeb 10, 2023
@lcamtuf How else do you expect people to fix faulty hyperionic transflux relays?
Jason GeffnerFeb 10, 2023

What I talked about at conference parties:

In my 20s: things I’ve reverse engineered or popped a shell on
In my 30s: professionalism and career advancement
In my 40s: my wife and daughter ❤️

Jason GeffnerFeb 9, 2023
I’ve finally tried the famous Microsoft bacon! It is indeed good -- salty, smoky, sweet, and neither too crispy nor too soggy. I only wish it was thicker cut, but for free bacon I can’t complain.
Jason GeffnerFeb 8, 2023
Good morning, #BlueHat!
Jason GeffnerFeb 7, 2023

I'll be at Microsoft #BlueHat this week! If you see me, come say hi!

https://www.microsoft.com/bluehat/

BlueHat | Microsoft

Microsoft BlueHat - Bringing offensive and defensive cyber security professionals together to address modern threats.

Microsoft
Jason GeffnerJan 31, 2023

I'm in a training class today.

Instructor: "Being curious is a key quality of great leadership."
Me: "Why?"

Jason GeffnerJan 31, 2023
Whoever at Intel is in charge of naming mnemonics has become drunk with power over the years: