• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Dakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to automate software vulnerability discovery, and new policies to improve China’s cybersecurity-talent pipeline.

In this episode, Cary expands on a new report -- 'Sleight of Hand' -- that delves into the changing legal landscape for vulnerability disclosure in China, the PRC's weaponization of software vulnerabilities, advanced threat actors in China and that infamous Bloomberg 'rice grain' spy chip story.

Links:

• Sleight of hand: How China weaponizes software vulnerabilities
• Dakota Cary on Twitter
• Moussouris: U.S. Should Resist Urge to Match China Vuln Reporting Mandate
• CSRB Log4j incident report (PDF)
• CISA China Cyber Threat Overview and Advisories

SentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.

Links:

• Report: The Mystery of Metador
• J. A. Guerrero-Saade on Twitter
• LABScon - Security Research in Real Time
• Researchers Crowdsourcing Effort to Identify Mysterious Metador APT