Displaying items 1-10 of 100 in total of Three Buddy Problem with the tag "zero-day".
-
Federico Kirschbaum on XBOW, AI Hackers, and the Future of Pen Testing
May 25th, 2026 | 58 mins 2 secs
ai, apt research, cyberespionage, nation-state, ransomware, zero-day
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).
Three Buddy Problem x Ekoparty Miami: Federico Kirschbaum, founder of Ekoparty and now head of Security Lab at XBOW, talks about what happens to offensive security when an autonomous AI hacker can find and exploit real vulnerabilities. Fede walks through XBOW's "Tales from the Trace," the surreal experience of watching a non-human adversary reason its way to an ASLR bypass, and why he believes pen-testing isn't dying but finally becoming accessible to far more than the world's biggest companies.
Plus, where humans still matter in the loop, whether an LLM-discovered bug is public by definition, the looming reckoning over software liability, and Halvar Flake's very honest fear of getting lazy.
Cast: Ryan Naraine, Juan Andres Guerrero-Saade, Federico Kirschbaum
Timestamps:
0:00 Fede's move to XBOW
2:20 What's XBOW building? An AI hacker for real vulnerabilities
5:53 Where the human stays in the loop
6:35 The Exim bug: a craftsman races the LLM to an ASLR bypass
10:49 Does bug discovery still need a human asking the right question?
16:24 A short history: Satan, CORE, Metasploit, bug bounties
18:48 An LLM-discovered bug is public by definition
24:12 Halvar Flake's laziness worry & the assembly-to-C parallel
29:47 Rising tides: script kiddies get the full gamut
41:02 The economics: does pentesting get cheap?
43:18 Argentina, Ekoparty, and an untapped talent pipeline -
Jordan Wiens on AI, Offense vs. Defense, and the Dying CTF Pipeline
May 24th, 2026 | 44 mins 17 secs
ai, apt research, cyberespionage, nation-state, ransomware, zero-day
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).
Three Buddy Problem x Ekoparty Miami: Jordan Wiens, co-founder of Vector 35 and creator of Binary Ninja, talks about a decade spent building a decompiler in a market everyone told him not to enter. He walks through why accessibility drove the whole project, how Binja's intermediate-language system stacks up against IDA, Ghidra, and Radare, and why language-specific decompilation for Rust, C++, and Go is the next real frontier.
Plus, thoughts on AI disruption and why "the model can do it" misses the point that the model is just driving the tool, what verifiability really means, whether AI tilts the field toward offense or defense, and questions around subsidized tokens, the collapse of the CTF talent pipeline, and what happens to a craft when the shortcut is always one prompt away.
Cast: Ryan Naraine, Juan Andres Guerrero-Saade, Jordan Wiens.
Timestamps:
0:00 Introductory banter
1:22 Vector 35 and the origin of Binary Ninja
2:32 From CTFs and SCIFs to building a decompiler
3:27 Before Ghidra: when an IDA license was out of reach
9:47 Language-specific decompilation: Rust, C++, and Go
12:47 Running a 17-person bootstrapped shop with no org chart
13:50 DARPA money, In-Q-Tel, and staying independent
15:23 AI as disruptor: the model drives the tool
18:06 Verifiability and the Fast16 reversing story
25:10 How AI actually gets used inside the company
28:52 Frontier models and guardrails
33:30 Will AI favor offense or defense?
40:51 Shrinking CTF talent pipelines -
The AI-powered 10x patch tsunami has arrived. Now what?
May 15th, 2026 | 1 hr 50 mins
ai, apt research, cyberespionage, nation-state, ransomware, zero-day
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).
Three Buddy Problem - Episode 98: We dive back into the fast16 malware discovery with fresh speculation that it's targeting spherical implosion simulations for Iran's nuclear program, and wonder who on earth is qualified to confirm this.
Plus, thoughts on OpenAI's new three-tier cyber access program, Microsoft's MDASH harness, the 10x Patch Tuesday tsunami, Cloudflare's 1,100 layoffs blamed on AI, and why frontier-lab guardrails may just be elaborate security theater.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
Timestamps:
0:00 - Introductory banter
3:19 - fast16 update: spherical implosion simulations?
9:01 - Manhattan Project precedent — why this matches Iran
12:28 - Who can actually reproduce the FAST 16 attack?
19:32 - Google GTIG's "AI-written" zero-day
22:13 - The rise of AI-backend "silent detections"
25:54 - Guardrails as security theater
38:47 - Are the 10x patch numbers real defense?
43:48 - OpenAI's Trusted Access tiers + Microsoft MDASH
53:35 - End of the ‘patch-and-pray’ model
57:50 - Sean Heelan: strict harnesses can make models worse
1:03:51 - Pwn2Own Berlin overflow and bug-density debate
1:12:24 - Cloudflare's 1,100 layoffs and AI as scapegoat
1:27:42 - RCS encryption, Android Intrusion Logging, Seedworm & Kazuar -
The disappointing death of big-game APT reporting
May 10th, 2026 | 2 hrs 2 mins
ai, apt research, cyberespionage, nation-state, ransomware, zero-day
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).
Three Buddy Problem - Episode 97: We discuss the disappearing art of Windows APT paleontology, the absence of complex malware documentation, and why so much threat-intel research has slipped behind paywalls and into private rooms.
Plus, a surge in AI-discovered bugs in Firefox and Chrome, a rough week for Linux security flaw disclosures, and the usual Ivanti and Palo Alto zero-day bulletins that ship without a single IOC.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
Timestamps:
0:00 - Introductory banter
1:17 - Inside TLP-Red: writing hashes by hand
3:57- fast16 fallout and the threat intel trust collapse
9:17 - The death of cyber paleontology on Windows
14:49 - Mobile is the new paleontology frontier
15:48 - When threat intel went private: the CrowdStrike effect
23:29 - Falling sideways into intelligence brokerage
36:05 -- AI, Easter eggs, and the loss of malware artistry
47:22 -- Will the Frontier Labs publish threat intel?
51:43 -- fast16 follow-up reports coming
1:09:38 - Mythos, Aardvark, and the patch tsunami
1:15:33 - CopyFail and the Linux reboot crisis
1:51:05 - UAPs, Pulitzers, last-ever LabsCon, and shoutouts -
Cracking the Fast16 sabotage malware mystery
May 1st, 2026 | 1 hr 47 mins
ai, apt research, cyberespionage, nation-state, ransomware, zero-day
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).
Three Buddy Problem - Episode 96: We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietly tampered with physics modeling software likely tied to Iran's nuclear program.
We discuss the attribution rabbit hole (NSA? Israel? someone else?), the eerie "spiritual warfare" implications of corrupting scientific calculations, and Antiy Labs' very dialectical Chinese rebuttal. Plus, what AI reverse-engineering means for the next decade of cyber paleontology.
Cast: Andy Greenberg (WIRED), Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
Timestamps:
0:00 - WIRED’s Andy Greenberg joins the show
1:53 - How the FAST16 scoop landed in Andy's lap
6:45 - JAGS sat on this sample for 7 years
10:33 - How Costin and the Kaspersky team missed the sabotage routine
15:20 - The "holy moly" moment: what FAST16 actually does
18:26 - Territorial Dispute, Shadow Brokers, and the driver list
24:11 - The targets: MOHID, PKPM, and LS-DYNA's link to Iran
28:13 - No C&C, no victims: a worm built for air-gapped networks
34:45 - Was this part of a larger anti-Iran toolkit?
37:55 - Attribution: NSA, Israel, or someone else entirely?
51:39 - What was the actual sabotage? Unanswered questions
55:48 - "Spiritual warfare": the psychological angle and trust in computers
1:20:05 - Equities, going public, and the case for AI-powered reversing
1:32:19 - Antiy Labs' Chinese rebuttal and the apparatchik tone
1:43:04 - Shoutouts: Sergey Mineev, LabsCon CFP, PivotCon, and Ekoparty -
Mark Dowd on AI hacking, exploit chains, zero-day sales
April 24th, 2026 | 2 hrs 2 mins
ai, apt research, cyberespionage, nation-state, ransomware, zero-day
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).
Three Buddy Problem - Episode 95: Vigilant Labs director Mark Dowd joins the show to shed light on the state of offensive research, the economics of the exploit market, and why "Mark Dowd in a box" isn't quite the threat the AI hype machine suggests. He talks through the daily stresses of running an offensive shop, how AI is reshaping vulnerability discovery, exploit development, and the pricing of full exploit chains.
Plus, thoughts on Lockdown Mode and Apple's MIE, whether mitigations actually work or just push attackers toward less access, the rise of HarmonyOS and the Balkanization of device security, persistence, baseband attacks, GrapheneOS, and Samsung Knox.
We discuss customer vetting and OpSec fears, policymakers who've never written an exploit, and the strange afterlife of The Art of Software Security Assessment, the 20-year-old book now possibly training data for the very tools coming for his job.
Cast: Mark Dowd, Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
Timestamps:
0:00 Introductions
4:28 The origin story of Azimuth: why go offensive?
6:26 Stresses of running an offensive research business
12:10 "Mark Dowd in a box" — is AI an existential threat to vuln research?
16:13 Using AI in workflow: frontier models vs. local models
22:05 AI in bug-finding vs. exploit implementation
30:30 Watching AI tear through a firmware backdoor
38:23 Artificial guardrails and the "POC" wall
43:25 Will AI commoditize 0days? The high-end vs. low-end vendor split
57:30 How AI disrupts exploit chain pricing
1:05:18 Does persistence still matter? Should you reboot your phone?
1:09:33 Lockdown Mode, MIE, and Apple's "never been compromised" claim
1:14:25 Do mitigations really work, or are we stuck in an endless loop?
1:23:25 Android vs. iOS vs. Huawei's HarmonyOS Next
1:34:44 Exploit leaks, customer vetting, and OpSec fears
1:41:37 GrapheneOS, Samsung Knox and baseband attacks
1:53:56 Did the exploit market save us from encryption backdoors?
1:55:11 What does the threat-intel community get wrong about vuln research? -
The Angry Spark APT Mystery: A Year-Long Backdoor, One Victim, Zero Attribution
April 18th, 2026 | 2 hrs 35 mins
ai, apt research, cyberespionage, nation-state, ransomware, zero-day
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).
Three Buddy Problem - Episode 94: We discuss a mysterious, VM-obfuscated backdoor that lived undetected on a single U.K. machine for a year before disappearing, finding clues pointing to an elite-level APT intrusion that still evades broader industry coverage.
Plus, connecting the dots across AI-driven vulnerability discovery, Microsoft’s massive Patch Tuesday, Jensen Huang talks cybersecurity, Mythos dangers and Chinese chips, and the quiet erosion of CVE enrichment at NIST.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
Timestamps:
0:00 – Intros + AI news whiplash
5:10 – Patch Tuesday breakdown: Microsoft's second-largest CVE release ever
7:32 – AI accelerating vulnerability discovery at record pace
10:00 – Frontier lab cyber models, fine-tuning, guardrail removal & KYC
12:37 – FreeBSD NFS bug: Opus 4.6 was already finding critical vulns
14:26 – Anthropic's infrastructure strain: Is Opus being nerfed?
21:05 – OpenAI's Trusted Access for Cyber vs. Anthropic's Mythos cabal
28:45 – SharePoint zero-day CVE-2026-32201: The endless Microsoft tax
34:36 – Adobe Acrobat zero-day: A rare, real, Russia-linked exploit in the wild
41:36 – VirusTotal mining: The golden age of threat intel hunting
50:03 – ZionSiphon: Vibe-coded OT malware targeting Israeli water infrastructure
55:04 – Paleontology of threat research: When do you publish? Who do you trust?
1:13:53 – Angry Spark: A one-machine, one-year backdoor raises eyebrows
1:49:25 – Jensen Huang vs. Dwarkesh Patel on Mythos, China and chips
2:14:32 – Chinese AI distillation: 24,000 fake Anthropic accounts, DeepSeek & the catch-up question -
The Claude Mythos, Project Glasswing Shockwave
April 10th, 2026 | 2 hrs 34 mins
ai, apt research, cyberespionage, nation-state, ransomware, zero-day
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).
Three Buddy Problem - Episode 93: We discuss Anthropic's release of Claude Mythos Preview (an AI model so capable and dangerous they won't release it publicly) and debate the looming patching crisis, bug bounty extinction, possible US government nationalization of frontier labs, and why the NSA might not be thrilled about all this bug-fixing.
Plus, North Korea's six-month Drift Protocol con job, APT28's retro DNS hijacking campaign, and Microsoft's driver signing mess hitting WireGuard and VeraCrypt.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
0:00 — Opening banter
1:36 — Claude Mythos Preview, Project Glasswing Announcement
7:22 — Parsing the Hype: Is Mythos Really a Step Change?
11:31 — Costin's Take: Is This All a PR Stunt?
17:10 — The Patching Problem: What Happens After the Zero Days?
28:11 — Bug Bounty Programs Under Threat from AI
33:37 — What Will Companies Actually Do With Mythos?
45:09 — Geopolitics: Where Is the US Government? Nationalization Talk
53:01 — Source Code vs. Binary: The Real Limits of Mythos
1:00:01 — Model Recklessness, Guardrails and the Psychiatrist
1:06:17 — Fortinet: Another Zero Day, No Patch, No IOCs
1:09:08 — North Korean Drift Protocol Heist: $285 Million Stolen
1:24:39 — SOHO Router DNS Hijacking: APT28 and FBI Disruption
1:32:34 — Microsoft Suspensions Hit WireGuard, VeraCrypt, OSR
1:38:49 — Shout-Outs, Conferences & Closing -
LLMs writing exploits, engineers losing skills, and a case for the generative OS
April 3rd, 2026 | 2 hrs 19 mins
ai, apt research, cyberespionage, nation-state, ransomware, zero-day
(Presented by TLPBLACK - High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)
Three Buddy Problem - Episode 92: Costin walks through real-world ransomware incident response while Juanito makes the case for AI-generated operating systems that never run anyone else's code. Plus, debates on whether vulnerability research is cooked, why nobody should pay ransoms, and what the security industry looks like after the massive AI flood.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
0:00 – Introductory banter
2:00 – Costin's ransomware incident response work
3:30 – How attackers break in: Fortinet vulnerabilities everywhere
6:30 – Hunting for ransomware decryption keys
9:00 – Breaking into ransomware C2s and monitoring leak sites
12:00 – The ransom payment debate: should you ever pay?
16:00 – Why "don't pay the ransom" is overgeneralized
21:00 – How ransomware gangs price their demands
24:00 – The AI-pilling of the security industry
28:30 – Nicholas Carlini, Ptacek, and "vulnerability research is cooked"
35:00 – Towards a generative-first operating system
41:00 – Code factories, trusted computing, and killing dependencies
48:00 – Microsoft and Apple's AI positioning
56:00 – Chris St. Myers' "Cognitive Rust Belt" essay
1:18:00 – Choice, The Matrix, and the illusion of control
1:38:00 – Supply chain attacks, North Korea, and dependency sprawl -
Google's Cyber Disruption Unit; Coruna is Triangulation, US Bans Foreign-Made Routers
March 28th, 2026 | 2 hrs 32 mins
ai, apt research, cyberespionage, nation-state, ransomware, zero-day
(Presented by TLPBLACK - High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)
Three Buddy Problem - Episode 91: This week we dig into Google's new cyber threat disruption unit announced at RSAC, Kaspersky confirming Coruna is a direct evolution of Operation Triangulation, and a cascading supply chain compromise that chained through LiteLLM, Trivy, and Checkmarx into thousands of software pipelines.
Plus, VCs and the breathless AI hype, Apple's iOS 26.4 and silent patches, the FCC's ban on foreign-made routers, and Symantec catching an APT looking for Chinese military data.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
0:00 Intro & Pre-Show Banter
3:08 JAGS in San Francisco: RSAC week recap
6:05 Google Launches Cyber Disruption Unit — What's Actually New?
13:43 Why Separate Disruption Units Matter: ROI & Budget Justification
29:11 Haroon Meer's RSA Reality Check: The AI Hype Machine
32:37 The VC Ponzi Cycle & How Easy Money Hollowed Out Cybersecurity
47:32 ENT.ai & Tenex AI Hackathon at RSAC
53:08 Kaspersky Links Corona Exploit Kit to Operation Triangulation
1:08:09 Trenchant Cleanup & Lessons from Equation Group Burns
1:19:31 Apple iOS Patches, Hong Kong Device Passcode Law
1:27:53 Handala Hacks FBI Director Kash Patel's Personal Gmail
1:37:32 LeakBase Admin "Chucky" Arrested in Russia — FSB Gets the Data
1:45:38 Supply Chain Attacks: TeamPCP Hits LiteLLM & Trivy
2:04:34 FCC Bans Foreign-Made Routers — But What Do We Buy?