Three Buddy Problem

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem x Ekoparty Miami: Federico Kirschbaum, founder of Ekoparty and now head of Security Lab at XBOW, talks about what happens to offensive security when an autonomous AI hacker can find and exploit real vulnerabilities. Fede walks through XBOW's "Tales from the Trace," the surreal experience of watching a non-human adversary reason its way to an ASLR bypass, and why he believes pen-testing isn't dying but finally becoming accessible to far more than the world's biggest companies.

Plus, where humans still matter in the loop, whether an LLM-discovered bug is public by definition, the looming reckoning over software liability, and Halvar Flake's very honest fear of getting lazy.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Federico Kirschbaum.

Timestamps:

0:00 Fede's move to XBOW

2:20 What's XBOW building? An AI hacker for real vulnerabilities

5:53 Where the human stays in the loop

6:35 The Exim bug: a craftsman races the LLM to an ASLR bypass

10:49 Does bug discovery still need a human asking the right question?

16:24 A short history: Satan, CORE, Metasploit, bug bounties

18:48 An LLM-discovered bug is public by definition

24:12 Halvar Flake's laziness worry & the assembly-to-C parallel

29:47 Rising tides: script kiddies get the full gamut

41:02 The economics: does pentesting get cheap?

43:18 Argentina, Ekoparty, and an untapped talent pipeline

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem x Ekoparty Miami: Jordan Wiens, co-founder of Vector 35 and creator of Binary Ninja, talks about a decade spent building a decompiler in a market everyone told him not to enter. He walks through why accessibility drove the whole project, how Binja's intermediate-language system stacks up against IDA, Ghidra, and Radare, and why language-specific decompilation for Rust, C++, and Go is the next real frontier.

Plus, thoughts on AI disruption and why "the model can do it" misses the point that the model is just driving the tool, what verifiability really means, whether AI tilts the field toward offense or defense, and questions around subsidized tokens, the collapse of the CTF talent pipeline, and what happens to a craft when the shortcut is always one prompt away.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Jordan Wiens.

Timestamps:

0:00 Introductory banter

1:22 Vector 35 and the origin of Binary Ninja

2:32 From CTFs and SCIFs to building a decompiler

3:27 Before Ghidra: when an IDA license was out of reach

9:47 Language-specific decompilation: Rust, C++, and Go

12:47 Running a 17-person bootstrapped shop with no org chart

13:50 DARPA money, In-Q-Tel, and staying independent

15:23 AI as disruptor: the model drives the tool

18:06 Verifiability and the Fast16 reversing story

25:10 How AI actually gets used inside the company

28:52 Frontier models and guardrails

33:30 Will AI favor offense or defense?

40:51 Shrinking CTF talent pipelines

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 98: We dive back into the fast16 malware discovery with fresh speculation that it's targeting spherical implosion simulations for Iran's nuclear program, and wonder who on earth is qualified to confirm this.

Plus, thoughts on OpenAI's new three-tier cyber access program, Microsoft's MDASH harness, the 10x Patch Tuesday tsunami, Cloudflare's 1,100 layoffs blamed on AI, and why frontier-lab guardrails may just be elaborate security theater.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:

0:00 - Introductory banter

3:19 - fast16 update: spherical implosion simulations?

9:01 - Manhattan Project precedent — why this matches Iran

12:28 - Who can actually reproduce the FAST 16 attack?

19:32 - Google GTIG's "AI-written" zero-day

22:13 - The rise of AI-backend "silent detections"

25:54 - Guardrails as security theater

38:47 - Are the 10x patch numbers real defense?

43:48 - OpenAI's Trusted Access tiers + Microsoft MDASH

53:35 - End of the ‘patch-and-pray’ model

57:50 - Sean Heelan: strict harnesses can make models worse

1:03:51 - Pwn2Own Berlin overflow and bug-density debate

1:12:24 - Cloudflare's 1,100 layoffs and AI as scapegoat

1:27:42 - RCS encryption, Android Intrusion Logging, Seedworm & Kazuar

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 97: We discuss the disappearing art of Windows APT paleontology, the absence of complex malware documentation, and why so much threat-intel research has slipped behind paywalls and into private rooms.

Plus, a surge in AI-discovered bugs in Firefox and Chrome, a rough week for Linux security flaw disclosures, and the usual Ivanti and Palo Alto zero-day bulletins that ship without a single IOC.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:

0:00 - Introductory banter

1:17 - Inside TLP-Red: writing hashes by hand

3:57- fast16 fallout and the threat intel trust collapse

9:17 - The death of cyber paleontology on Windows

14:49 - Mobile is the new paleontology frontier

15:48 - When threat intel went private: the CrowdStrike effect

23:29 - Falling sideways into intelligence brokerage

36:05 -- AI, Easter eggs, and the loss of malware artistry

47:22 -- Will the Frontier Labs publish threat intel?

51:43 -- fast16 follow-up reports coming

1:09:38 - Mythos, Aardvark, and the patch tsunami

1:15:33 - CopyFail and the Linux reboot crisis

1:51:05 - UAPs, Pulitzers, last-ever LabsCon, and shoutouts

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 96: We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietly tampered with physics modeling software likely tied to Iran's nuclear program.

We discuss the attribution rabbit hole (NSA? Israel? someone else?), the eerie "spiritual warfare" implications of corrupting scientific calculations, and Antiy Labs' very dialectical Chinese rebuttal. Plus, what AI reverse-engineering means for the next decade of cyber paleontology.

Cast: Andy Greenberg, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:

0:00 - WIRED’s Andy Greenberg joins the show

1:53 - How the FAST16 scoop landed in Andy's lap

6:45 - JAGS sat on this sample for 7 years

10:33 - How Costin and the Kaspersky team missed the sabotage routine

15:20 - The "holy moly" moment: what FAST16 actually does

18:26 - Territorial Dispute, Shadow Brokers, and the driver list

24:11 - The targets: MOHID, PKPM, and LS-DYNA's link to Iran

28:13 - No C&C, no victims: a worm built for air-gapped networks

34:45 - Was this part of a larger anti-Iran toolkit?

37:55 - Attribution: NSA, Israel, or someone else entirely?

51:39 - What was the actual sabotage? Unanswered questions

55:48 - "Spiritual warfare": the psychological angle and trust in computers

1:20:05 - Equities, going public, and the case for AI-powered reversing

1:32:19 - Antiy Labs' Chinese rebuttal and the apparatchik tone

1:43:04 - Shoutouts: Sergey Mineev, LabsCon CFP, PivotCon, and Ekoparty