Displaying all 4 Episode of Three Buddy Problem with the tag “pwn2own”.
-
Cris Neckar on the early days of securing Chrome, chasing browser exploits
April 11th, 2024 | 54 mins 36 secs
chrome, investments, pwn2own, supply chain, venture capital
Episode sponsors:
- Binarly, the supply chain security experts (https://binarly.io)
- XZ.fail backdoor detector (https://xz.fail)
Cris Neckar is a veteran security researcher now working as a partner at Two Bear Capital. In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at Pwn2Own/Pwnium and the cat-and-mouse battle for browser exploit chains. We also discuss the zero-day exploit marketplace, the hype and promise of AI, and his mission to help highly technical founders bring products to market.
-
Charlie Miller on hacking iPhones, Macbooks, Jeep and Self-Driving Cars
October 18th, 2022 | 59 mins
apple, car hacking, iphone, lockdown mode, pwn2own, self driving cars
Episode sponsors:
- Binarly (https://binarly.io)
- FwHunt (https://fwhunt.run)
Famed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current work securing Cruise's self-driving fleet.
-
Google's Shane Huntley on zero-days and the nation-state threat landscape
April 4th, 2022 | 40 mins 44 secs
exploits, google, project zero, pwn2own, zero-day
Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...
-
Throwback: Zero-day exploit broker Chaouki Bekrar
March 3rd, 2021 | 24 mins 42 secs
exploit brokers, exploits, pwn2own, vupen, zero-day, zerodium
This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chauki Bekrar. The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes.
The recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox. We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest.
Please excuse the audio quality and background noise.