Who’s hacking who? Ivanti 0-days in France, China outs 'Night Eagle' APT

July 3rd, 2025  |  1 hr 34 mins

apt research, cyberwarfare, exploits, nation-state, zero-day

Three Buddy Problem - Episode 52: Fresh intelligence reports out of Europe and China: France’s ANSSI documents a string of Ivanti VPN zero-days ('Houken'), and Quanxin frames a stealth Microsoft Exchange-zero-day chain linked to a North American 'Night Eagle' threat actor. We dissect the technical bread-crumbs, questions the attribution math, and connects Houken to SentinelOne’s “Purple Haze” research.

Plus, the FBI’s claim that China’s “Salt Typhoon” has been “contained,” Iran’s Nobitex crypto-exchange breach (Predatory Sparrow torches $90 million and leaks the source code), Iranian cyber capabilities and sanctions avoidance.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

Federico Kirschbaum on a life in the Argentina hacking scene

July 19th, 2023  |  42 mins 1 sec

argentina, core security, ekoparty, exploits, zero-day

Episode sponsors:

• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Faraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.

JAG-S on big-game malware hunting and a very mysterious APT

October 17th, 2022  |  52 mins 40 secs

apts, cyberespionage, exploits, zero-day

• Episode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.

SentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.

Project Zero's Maddie Stone on the surge in zero-day discoveries

May 10th, 2022  |  42 mins 10 secs

disclosure, exploits, google, memory safety, project zero, transparency, zero-day

Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild. On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.

Google's Shane Huntley on zero-days and the nation-state threat landscape

April 4th, 2022  |  40 mins 44 secs

exploits, google, project zero, pwn2own, zero-day

Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...

Costin Raiu on the .gov mobile exploitation business

December 23rd, 2021  |  41 mins 18 secs

android, apple, exploits, ios malware, nso pegasus, psoas, zero-day

Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an indepth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.

Throwback: Zero-day exploit broker Chaouki Bekrar

March 3rd, 2021  |  24 mins 42 secs

exploit brokers, exploits, pwn2own, vupen, zero-day, zerodium

This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chauki Bekrar. The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes.

The recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox. We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest.

Please excuse the audio quality and background noise.

David Weston, Principal Security Engineering Manager, Microsoft

June 24th, 2018  |  46 mins 23 secs

exploits, microsoft, mitigations, windows

David Weston manages the Windows Device and Offensive Security Research teams at Microsoft. He joins the podcast to talk about how proactive red-team exercises push major mitigations to Microsoft's products and the current state of security in the Windows ecosystem.