Project Dusseldorf: Finding Out-Of-Band Vulnerabilities At Cloud Scale - Michael

Nullcon Goa 2025 · Main Stage

In this talk from Nullcon, Michael Hendricks, a Principal Security Engineer at Microsoft, unveiled Project Dusseldorf, an internally developed and now open-source tool designed to detect out-of-band (OOB) vulnerabilities at an unprecedented scale. Hendricks, who runs a team focused on hardware and open-source research within the Microsoft Security Response Center (MSRC) and is an OWASP Seattle chapter lead, shared the motivations and technical intricacies behind the platform. Dusseldorf addresses the challenge of **variant hunting** within large organizations, where a single reported vulnerability can lead to dozens or even hundreds of related security issues across a vast codebase and infrastructure.

AI review

Dusseldorf is a real tool that solves a real operational problem — variant hunting at cloud scale — and the open-sourcing is a genuine community contribution. But the talk is a product walkthrough of an OOB interaction platform, not a research talk: Burp Collaborator and interact.sh have owned this space for years, and the novelty here is enterprise scale and self-hosting, not a new technique.
