Best Ryan Naraine Podcasts (2024)

1
Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks 1:37:00

1h ago1:37:00

1:37:00

Three Buddy Problem - Episode 20: We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clem Lecinge’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘…

1
The Sophos kernel implant, 'hack-back' implications, CIA malware in Venezuela 1:54:14

2h ago1:54:14

1:54:14

Three Buddy Problem - Episode 19: We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, the concept of ‘hack-back’ and legal implications, geopolitical layers of cyber espionage, CIA malware in Venezuela, Vatican/Mossad mentioned in high-profile Italy hacks, and Canada bra…

1
Fortinet 0days, Appin hack-for-hire exposé, crypto heists, Russians booted from Linux kernel 1:26:44

12d ago1:26:44

1:26:44

Three Buddy Problem - Episode 18: This week’s show covers the White House's new Traffic Light Protocol (TLP) guidance, Reuters expose of Appin as a hack-for-hire mercenary company, Fortinet zero-day exploitation and missing CSRB investigations, major cryptocurrency heists, Apple opening Private Cloud Compute to public inspection, Russians removed f…

1
ESET Israel wiper malware, China's Volt Typhoon response, Kaspersky sanctions and isolation 1:38:18

12d ago1:38:18

1:38:18

Three Buddy Problem - Episode 17: News of a wiper malware attack in Israel implicating ESET, threats from wartime hacktivists, China's strange response to Volt Typhoon attribution and Section 702 messaging, an IE zero-day discovery and web browser rot in South Korea, the ongoing isolation of Kaspersky due to sanctions, and the geopolitical influenc…

1
Typhoons and Blizzards: Cyberespionage and national security on front burner 1:09:09

19d ago1:09:09

1:09:09

Three Buddy Problem - Episode 16: We break down the new GCHQ advisory on the history and tactics of Russia’s APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon intrusions, the absence of technical indicators (IOCs), the risks of supply chain attacks. We also touch on the surge…

1
Careto returns, IDA Pro pricing controversy, crypto's North Korea problem 1:30:38

1M ago1:30:38

1:30:38

Three Buddy Problem - Episode 15: Juanito checks in from Virus Bulletin with news on the return of Careto/Mask, a ‘milk-carton’ APT linked to Spain. We also cover the latest controversy surrounding IDA Pro's subscription model, a major new YARA update, and ongoing issues with VirusTotal's value and pricing. The conversation shifts to North Korean c…

1
Exploding beepers, critical CUPS flaws, Windows Recall rebuilt for security 1:19:07

1M ago1:19:07

1:19:07

Three Buddy Problem - Episode 14: The buddies are back together for a discussion on Juan’s LABScon keynote and mental health realities, Microsoft rewriting the Windows Recall security architecture, a new CVSS 9.9 Linux CUPS flaw, Kaspersky's controversial transition to Ultra AV, and the intelligence operations surrounding exploding pagers in Lebano…

1
Ep13: The Consolation of Threat Intel (JAG-S LABScon keynote) 31:41

1M ago31:41

31:41

Three Buddy Problem - Episode 13: This is a special edition of the show, featuring Juan Andres Guerrero-Saade's full keynote day remarks at LABScon2024. In this talk, Juanito addresses the current state of the threat intelligence industry, expressing a need for a difficult conversation about its direction and purpose. He discusses feelings of disen…

1
Ep12: Security use-cases for AI chain-of-thought reasoning 1:14:20

2M ago1:14:20

1:14:20

Three Buddy Problem - Episode 12: Gabriel Bernadett-Shapiro joins the show for an extended conversation on artificial intelligence and cybersecurity. We discuss the hype around OpenAI's new o1 model, AI chain-of-thought reasoning and security use-cases, pervasive chatbots and privacy concerns, and the ongoing debate between open source and closed s…

1
Ep11: Cyberwarfare takes an ominous turn 1:15:13

2M ago1:15:13

1:15:13

Three Buddy Problem - Episode 11: Russia's notorious GRU Unit 29155 (previously tied to assassinations, poisonings and coup attempts) now blamed for destructive cyberattacks for sabotage; FBI and DOJ take down 'Doppelganger' network spreading Russian propaganda; CISA's budget, staff, advisories and YARA rules; Influence Operations 2.0; prolific Chi…

1
Ep10: Volt Typhoon zero-day, Russia's APT29 reusing spyware exploits, Pavel Durov's arrest 1:18:37

2M ago1:18:37

1:18:37

Three Buddy Problem - Episode 10: Top stories this week -- Volt Typhoon zero-day exploitation of Versa Director servers, Chinese APT building botnets with EOL routers, the gap in security solutions for network devices and appliances, Russia's APT29 (Midnight Blizzard) caught reusing exploits from NSO Group and Intellexa, Microsoft’s upcoming Window…

1
Ep9: The blurring lines between nation-state APTs and the ransomware epidemic 1:06:16

2M ago1:06:16

1:06:16

Three Buddy Problem - Episode 9: On this episode, we look at the hacking scene in Taiwan, the sad state of visibility into big malware campaigns, the absence of APTs linked to the prolific MIVD Dutch intelligence agency, the blurring lines between big ransomware heists and nation-state actors caught using ransomware as a tool for sabotage and misat…

1
Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China 1:17:45

3M ago1:17:45

1:17:45

Three Buddy Problem - Episode 8: This week’s show digs into Microsoft’s in-the-wild zero-day woes, Patch Tuesday and the absence of IOCs, a wormable Windows TCP/IP flaw that the Chinese government knew about for months, Iran’s aggressive hacking US election targets, CrowdStrike v Qihoo360 and major problems with APT naming conventions. Hosts: Costi…

1
Ep7: Crowd2K and the kernel, PKFail supply chain failures, Paris trains sabotage and Russian Olympic attacks 1:10:03

3M ago1:10:03

1:10:03

Three Buddy Problem - Episode 7: In this episode, we try to close the book on the CrowdStrike Windows BSOD story, Microsoft VP David Weston’s technical documentation and issues around kernel access and OS resilience. We also discuss Binarly’s PKFail research, secure boot bypasses, Dan Geer and tech monoculture, software vendor liability issues and …

1
Ep6: After CrowdStrike chaos, should Microsoft kick EDR agents out of Windows kernel? 1:16:37

3M ago1:16:37

1:16:37

Three Buddy Problem - Episode 6: As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid in…

1
Ep5: CrowdStrike's faulty update shuts down global networks 59:51

4M ago59:51

59:51

Three Buddy Problem - Episode 5: Hot off the press, we dive into the news of the CrowdStrike software update that caused blue screens on computers worldwide, the resulting chaos and potential connections to the Microsoft 365 outage, the fragility of modern computing and the risks of new software paradigms. We also discuss the AT&T mega-breach and t…

1
Ep4: The AT&T mega-breach, iPhone mercenary spyware, Microsoft zero-days 1:11:39

4M ago1:11:39

1:11:39

Three Buddy Problem - Episode 4: The boys delve into the massive AT&T call logs breach, the Snowflake incidents and the notion of shared-fate/shared responsibilities; news on fresh Apple notifications about mercenary spyware on iPhones and the effectiveness of notifications for different types of controversial targets. Plus, thoughts on Microsoft's…

1
Ep3: Dave Aitel joins debate on nation-state hacking responsibilities 1:04:29

4M ago1:04:29

1:04:29

The 'Three Buddy Problem' Podcast Episode 3: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on …

1
Ep2: A deep-dive on disrupting and exposing nation-state malware ops 1:08:42

4M ago1:08:42

1:08:42

The 'Three Buddy Problem' Podcast Episode 2: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade go all-in on the discussion around Google Project Zero disrupting counter-terrorism malware operations. A deep dive on disruption vs exposure, the effects of US government sanctions on private mercenary hacking companies, hypocricy and the tricky r…

1
Ep1: The Microsoft Recall debacle, Brad Smith and the CSRB, Apple Private Cloud Compute 46:55

4M ago46:55

46:55

Welcome to Episode 1 of a brand new cybersecurity podcast discussing the biggest news stories of the week. Ryan Naraine hosts a fast-moving conversation with Juan Andres Guerrero-Saade (LABScon) and Costin Raiu (Art of Noh) on the Microsoft Recall debacle, the dark patterns emerging as big-tech embraces AI, Brad Smith's testimony and the lingering …

1
Cris Neckar on the early days of securing Chrome, chasing browser exploits 54:36

7M ago54:36

54:36

Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) XZ.fail backdoor detector (https://xz.fail) Cris Neckar is a veteran security researcher now working as a partner at Two Bear Capital. In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at…

1
Costin Raiu joins the XZ Utils backdoor investigation 51:33

7M ago51:33

51:33

Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) XZ.fail backdoor detector (https://xz.fail) Malware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor. We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, a…

1
Katie Moussouris on building a different cybersecurity businesses 29:50

10M ago29:50

29:50

Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Katie Moussouris founded Luta Security in 2016 and bootstrapped it into a profitable business with a culture of equity and healthy boundaries. She is a pioneer in the world of bug bounties and vulnerability disclosure and serves in multiple…

1
Costin Raiu: The GReAT exit interview 1:32:13

10M ago1:32:13

1:32:13

Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Costin Raiu has spent a lifetime in anti-malware research, working on some of the biggest nation-state APT cases in history, including Stuxnet, Duqu, Equation Group, Red October, Turla and Lazarus. In this exit interview, Costin digs into w…

1
Danny Adamitis on an 'unkillable' router botnet used by Chinese .gov hackers 34:07

10M ago34:07

34:07

Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Danny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet pac…

1
Allison Miller talks about CISO life, protecting identities at scale 38:12

11M ago38:12

38:12

Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Allison Miller is founder and CEO of Cartomancy Labs and former CISO and VP of Trust at Reddit. She has spent the past 20 years scaling teams and technology at Bank of America, Google, Electronic Arts, PayPal/eBay, and Visa International. I…

1
Rob Ragan on the excitement of AI solving security problems 51:16

11M ago51:16

51:16

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Rob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. We dig into the importance of pro…

1
Seth Spergel on venture capital bets in cybersecurity 28:56

12M ago28:56

28:56

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Seth Spergel is managing partner at Merlin Ventures, where he is responsible for identifying cutting-edge companies for Merlin to partner with and invest in. In this episode, Seth talks about helping startups target US federal markets, the current state of deal sizes and val…

1
Dan Lorenc on fixing the 'crappy' CVE ecosystem 41:45

12M ago41:45

41:45

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Dan Lorenc is CEO and co-founder of Chainguard, a company that raised $116 million in less than two years to tackle open source supply chain security problems. In this episode, Dan joins Ryan to chat about the demands of building a "growth mode" startup, massive funding roun…

1
Cisco Talos researcher Nick Biasini on chasing APTs, mercenary hackers 31:27

1y ago31:27

31:27

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Nick Biasini has been working in information security for nearly two decades. In his current role as head of outreach for Cisco Talos Intelligence Group, he leads a team of threat researchers tasked with tracking nation-state APTs, mercenary hacker groups and ransomware cybe…

1
Allison Nixon on disturbing elements in cybercriminal ecosystem 48:39

1y ago48:39

48:39

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Allison Nixon is Chief Researcher at Unit 221B and a trailblazer in the world of cybercrime research. In this episode, we deep-drive into the shadowy dynamics of underground criminal communities, high-profile ransomware attacks, teenage hacking groups breaking into big compa…

1
Dakota Cary on China's weaponization of software vulnerabilities 55:48

1y ago55:48

55:48

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Dakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to a…

1
Abhishek Arya on Google's AI cybersecurity experiments 33:27

1y ago33:27

33:27

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Abhishek Arya is director of engineering at Google, overseeing open source and supply chain security efforts that include OSS-Fuzz, SLSA, GUAC and OSV DB. In this episode, Arya talks about some early success experimenting with AI and LLMs on fuzzing and vulnerability managem…

1
Dr Sergey Bratus on the 'citizen science' of hacking 40:02

1y ago40:02

40:02

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Dr Sergey Bratus is a Research Associate Professor of Computer Science at Dartmouth College and a program manager at DARPA. In this episode, he discusses his pioneering work on securing parsers and patching long-forgotten devices. He also puts the AI hype into context and sh…

1
DARPA's Perri Adams on CTF hacking, new $20M AI Cyber Challenge 26:47

1y ago26:47

26:47

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) DARPA program manager Perri Adams joins the conversation to chat about her love for CTF hacking competitions, the hunt for leapfrog security technologies in DARPA’s Information Innovation Office (I2O), and the goal of the new AI Cyber Challenge (AIxCC) offering $20 million i…

1
Ryan Hurst on tech innovation and unsolved problems in security 42:24

1y ago42:24

42:24

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Peculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing …

1
Jason Chan on Microsoft's security problems, layoffs and startups 27:07

1+ y ago27:07

27:07

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Bessemer Venture Partner's Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former…

1
GitHub security chief Mike Hanley on secure coding, AI and SBOMs 40:29

1+ y ago40:29

40:29

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) GitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of AI to the future of secure code, the dangers of equating SBOMs to supply chain sec…

1
Jason Shockey, Chief Information Security Officer, Cenlar FSB 33:47

1+ y ago33:47

33:47

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Cenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath pro…

1
Federico Kirschbaum on a life in the Argentina hacking scene 42:01

1+ y ago42:01

42:01

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Faraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric v…

1
Kymberlee Price reflects on life at the MSRC, hacker/vendor engagement, bug bounties 48:38

1+ y ago48:38

48:38

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Product security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cy…

1
OpenSSF GM Omkhar Arasaratnam on open-source software security 36:11

1+ y ago36:11

36:11

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) New General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins Ryan for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at sec…

1
Serial entrepreneur Rishi Bhargava on building another cybersecurity company 32:32

1+ y ago32:32

32:32

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Rishi Bhargava and the team of entrepreneurs behind Demisto’s $560 million exit are back at it with a new startup building technology in the customer identity market. The new company, called Descope, raised an abnormally large $53 million seed-stage funding round with ambiti…

1
Claude Mandy on CISO priorities, data security principles 35:02

1+ y ago35:02

35:02

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Symmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. We dig into the emerging Data Security Posture Management (DSPM) category and how it ext…

1
Sidra Ahmed Lefort dishes on VC investments and cyber uncertainties 31:00

1+ y ago31:00

31:00

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Munich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan Naraine for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming correction) in the land of security 'unicorns', the massive early-stage funding rounds and what they mean, l…

1
Paul Roberts on wins and losses in the 'right to repair' battle 47:32

2y ago47:32

47:32

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) SecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins. …

1
Katie Moussouris on where bug bounties went wrong 33:18

2y ago33:18

33:18

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Luta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs. A security industry pioneer, Moussouris argues for better use of …

1
Robinhood CSO Caleb Sima on a career in the security trenches 30:38

2y ago30:38

30:38

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Caleb Sima is a cybersecurity lifer now responsible for security at Robinhood, a mobile stock trading platform. Caleb joins Ryan on the show to discuss the early hacking scene in Atlanta, building SPI Dynamics in a webapp security powerhouse, the evolution of attack surfaces…

1
Charlie Miller on hacking iPhones, Macbooks, Jeep and Self-Driving Cars 59:00

2y ago59:00

59:00

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Famed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current wo…

1
JAG-S on big-game malware hunting and a very mysterious APT 52:40

2y ago52:40

52:40

Episode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence. SentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing…

Podcasts Worth a Listen

Ryan Naraine Podcasts

Podcasts Worth a Listen

Quick Reference Guide