Project Zero's Maddie Stone on the surge in zero-day discoveries

May 10th, 2022  |  42 mins 10 secs

disclosure, exploits, google, memory safety, project zero, transparency, zero-day

Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild. On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.

Google's Shane Huntley on zero-days and the nation-state threat landscape

April 4th, 2022  |  40 mins 44 secs

exploits, google, project zero, pwn2own, zero-day

Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...

Costin Raiu on the .gov mobile exploitation business

December 23rd, 2021  |  41 mins 18 secs

android, apple, exploits, ios malware, nso pegasus, psoas, zero-day

Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an indepth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.

Throwback: Zero-day exploit broker Chaouki Bekrar

March 3rd, 2021  |  24 mins 42 secs

exploit brokers, exploits, pwn2own, vupen, zero-day, zerodium

This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chauki Bekrar. The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes.

The recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox. We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest.

Please excuse the audio quality and background noise.