Ryan Naraine
@ryanaraine.bsky.social
📤 929
📥 0
📝 274
Three Buddy Problem
https://securityconversations.com
Three Buddy Problem, Ottawa, Canada.
@craiu.bsky.social
@jags.bsky.social
about 11 hours ago
1
10
1
reposted by
Ryan Naraine
Dennis
5 days ago
Three of my favorite security people. And Ryan!
add a skeleton here at some point
0
2
2
reposted by
Ryan Naraine
This week's show features OpenAI's Dave Aitel and is up on YouTube
@daveaitel.bsky.social
@jags.bsky.social
@craiu.bsky.social
youtu.be/EwMJsU8klZ0?...
loading . . .
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
YouTube video by Three Buddy Problem
https://youtu.be/EwMJsU8klZ0?si=tpOa5iDyB8k-ZWC5
9 days ago
1
10
5
reposted by
Ryan Naraine
FULL SHOW
youtu.be/EwMJsU8klZ0?...
loading . . .
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
YouTube video by Three Buddy Problem
https://youtu.be/EwMJsU8klZ0?si=tpOa5iDyB8k-ZWC5
8 days ago
0
1
2
reposted by
Ryan Naraine
JHunt🛡️
6 days ago
Another great episode. Glad to see that people are starting to catch on to this podcast, just hit 1K subs on YT :-)
@ryanaraine.bsky.social
still waiting for the 3BP merch store 🙃
add a skeleton here at some point
0
5
1
"It's like if you watched a train crash, full of puppies."
@daveaitel.bsky.social
www.youtube.com/watch?v=JCnt...
loading . . .
Trenchant exec exploit leak 'blast radius is immense'
YouTube video by Three Buddy Problem
https://www.youtube.com/watch?v=JCntW59Lg4E
7 days ago
0
1
0
reposted by
Ryan Naraine
Jeremy Kirk
7 days ago
Terrific discussion with OpenAI's
@daveaitel.bsky.social
on
@ryanaraine.bsky.social
's Three Buddy Problem podcast about Aardvark, which is OpenAI's new agentic bug-hunting tool. It's a must listen if you're in security.
#infosec
www.youtube.com/watch?v=EwMJ...
loading . . .
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
YouTube video by Three Buddy Problem
https://www.youtube.com/watch?v=EwMJsU8klZ0
0
6
2
OpenAI's Dave Aitel on using Aardvark to audit cryptocurrency smart contracts
@craiu.bsky.social
@daveaitel.bsky.social
loading . . .
8 days ago
1
5
2
This week's show features OpenAI's Dave Aitel and is up on YouTube
@daveaitel.bsky.social
@jags.bsky.social
@craiu.bsky.social
youtu.be/EwMJsU8klZ0?...
loading . . .
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
YouTube video by Three Buddy Problem
https://youtu.be/EwMJsU8klZ0?si=tpOa5iDyB8k-ZWC5
9 days ago
1
10
5
Watch on YouTube
youtu.be/PHijS6jLPxI?...
add a skeleton here at some point
14 days ago
0
3
0
reposted by
Ryan Naraine
youtu.be/PHijS6jLPxI?...
loading . . .
Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA
YouTube video by Three Buddy Problem
https://youtu.be/PHijS6jLPxI?si=2T_sbbe58imk642M
15 days ago
0
4
1
youtu.be/PHijS6jLPxI?...
loading . . .
Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA
YouTube video by Three Buddy Problem
https://youtu.be/PHijS6jLPxI?si=2T_sbbe58imk642M
15 days ago
0
4
1
reposted by
Ryan Naraine
New episode ALERT!
@craiu.bsky.social
@jags.bsky.social
News on Apple's iOS 26 quietly killing shutdown.log forensic artifact, a million-dollar WhatsApp zero-click that never materialized, Chinese threat intel reports pointing fingers at the NSA...
securityconversations.com/episode/appl...
loading . . .
Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA - Security Conversations
Three Buddy Problem – Episode 69: We dig into news that Apple's iOS 26 has quietly killed the shutdown.log forensic artifact used to spot signs […]
https://securityconversations.com/episode/apples-ios-forensics-freeze-whatsapp-zero-click-china-outs-nsa/
16 days ago
0
7
4
New episode ALERT!
@craiu.bsky.social
@jags.bsky.social
News on Apple's iOS 26 quietly killing shutdown.log forensic artifact, a million-dollar WhatsApp zero-click that never materialized, Chinese threat intel reports pointing fingers at the NSA...
securityconversations.com/episode/appl...
loading . . .
Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA - Security Conversations
Three Buddy Problem – Episode 69: We dig into news that Apple's iOS 26 has quietly killed the shutdown.log forensic artifact used to spot signs […]
https://securityconversations.com/episode/apples-ios-forensics-freeze-whatsapp-zero-click-china-outs-nsa/
16 days ago
0
7
4
reposted by
Ryan Naraine
Theo Von Rizzlet
27 days ago
The people that work at Ivanti literally have no idea that these are problems for their customers. I've dealt with them before and they absolutely could not understand why we'd want to get rid of their VPN product even after all of the critical vulns.
0
3
1
On the pod, we discussed Ivanti's inability to keep pace with security problems in its security products
@jags.bsky.social
@craiu.bsky.social
loading . . .
27 days ago
2
2
0
reposted by
Ryan Naraine
JHunt🛡️
27 days ago
“Misery is not activism” 💯 ✊ Great episode
@ryanaraine.bsky.social
@jags.bsky.social
@craiu.bsky.social
add a skeleton here at some point
0
2
1
reposted by
Ryan Naraine
An all-new Three Buddy Problem for your weekend earholes. Apple exploits chains, Oracle + ransomware, Ivanti 0days, VT pricing tiers
@craiu.bsky.social
@jags.bsky.social
youtu.be/qPj9_8azAvk?...
loading . . .
Apple Exploit-Chain Bounties, Tactical Wi-Fi Exploit Suitcases
YouTube video by Three Buddy Problem
https://youtu.be/qPj9_8azAvk?si=uunk4Sw-UDwW977s
28 days ago
0
7
5
reposted by
Ryan Naraine
WATCH
youtu.be/qPj9_8azAvk?...
loading . . .
Apple Exploit-Chain Bounties, Tactical Wi-Fi Exploit Suitcases
YouTube video by Three Buddy Problem
https://youtu.be/qPj9_8azAvk?si=staQCHv0ztYzQbn-
28 days ago
0
2
1
reposted by
Ryan Naraine
Costin on million-dollar "tactical suitcases" with iPhone wireless proximity exploits
@craiu.bsky.social
@jags.bsky.social
www.youtube.com/shorts/r3vu_...
loading . . .
Tactical Suitcase x iPhone WiFi Exploits #apple #wifi #tacticalgear #spyware #exploit #iPhone #iOS
YouTube video by Three Buddy Problem
https://www.youtube.com/shorts/r3vu_D0VZI0
28 days ago
1
5
3
Costin on million-dollar "tactical suitcases" with iPhone wireless proximity exploits
@craiu.bsky.social
@jags.bsky.social
www.youtube.com/shorts/r3vu_...
loading . . .
Tactical Suitcase x iPhone WiFi Exploits #apple #wifi #tacticalgear #spyware #exploit #iPhone #iOS
YouTube video by Three Buddy Problem
https://www.youtube.com/shorts/r3vu_D0VZI0
28 days ago
1
5
3
reposted by
Ryan Naraine
lcamtuf
28 days ago
Today I needed a bit of code, but instead of asking an LLM I tried writing it myself and wow, this could be a new paradigm
9
269
40
An all-new Three Buddy Problem for your weekend earholes. Apple exploits chains, Oracle + ransomware, Ivanti 0days, VT pricing tiers
@craiu.bsky.social
@jags.bsky.social
youtu.be/qPj9_8azAvk?...
loading . . .
Apple Exploit-Chain Bounties, Tactical Wi-Fi Exploit Suitcases
YouTube video by Three Buddy Problem
https://youtu.be/qPj9_8azAvk?si=uunk4Sw-UDwW977s
28 days ago
0
7
5
reposted by
Ryan Naraine
YouTube
youtu.be/fsDJTtIfMc8?...
loading . . .
Chris Eng on lessons learned from the NSA, @Stake, Veracode
YouTube video by Three Buddy Problem
https://youtu.be/fsDJTtIfMc8?si=wIf7A28phUWIFumF
about 1 month ago
0
1
1
reposted by
Ryan Naraine
Apple Podcasts
podcasts.apple.com/us/podcast/c...
loading . . .
Chris Eng on lessons learned from the NSA, @Stake, Veracode, and 20 years in cybersecurity
Podcast Episode · Three Buddy Problem · 10/07/2025 · 45m
https://podcasts.apple.com/us/podcast/chris-eng-on-lessons-learned-from-the-nsa-stake/id1414525622?i=1000730681302
about 1 month ago
0
0
1
reposted by
Ryan Naraine
SPOTIFY
open.spotify.com/episode/5FKD...
loading . . .
Chris Eng on lessons learned from the NSA, @Stake, Veracode, and 20 years in cybersecurity
https://open.spotify.com/episode/5FKDT34O5NYIgo2eHDg5ps?si=ClNEa-MRRRycEkpn5UKLyA
about 1 month ago
1
0
1
reposted by
Ryan Naraine
For the SecurityConversations show, I interviewed appsec and software supply chain security expert Chris Eng
@ceng.bsky.social
LISTEN
securityconversations.com/episode/chri...
loading . . .
Chris Eng on lessons learned from the NSA, @Stake, Veracode, and 20 years in cybersecurity - Security Conversations
This week on Security Conversations, Ryan sits down with Chris Eng, former Chief Research Officer at Veracode, to talk about life after nearly two decades […]
https://securityconversations.com/episode/chris-eng-on-lessons-learned-from-the-nsa-stake-veracode-and-20-years-in-cybersecurity/
about 1 month ago
3
4
4
From my conversation with Chris Eng
youtube.com/shorts/-PzmE...
loading . . .
The problem with AI training itself #ai #artificialintelligence #llm #supplychain #cybersecurity
YouTube video by Three Buddy Problem
https://youtube.com/shorts/-PzmE4CLw5E?si=vJQyK-iqCGQ0zbPl
about 1 month ago
1
0
0
My interview with Chris Eng for the SecuirtyConversations show is now up on YouTube
@ceng.bsky.social
www.youtube.com/watch?v=fsDJ...
loading . . .
Chris Eng on lessons learned from the NSA, @Stake, Veracode
YouTube video by Three Buddy Problem
https://www.youtube.com/watch?v=fsDJTtIfMc8&t=2081s
about 1 month ago
0
2
0
"How many CISOs are personally briefing their board of directors? Chris Eng with thoughts
@ceng.bsky.social
loading . . .
about 1 month ago
1
1
0
For the SecurityConversations show, I interviewed appsec and software supply chain security expert Chris Eng
@ceng.bsky.social
LISTEN
securityconversations.com/episode/chri...
loading . . .
Chris Eng on lessons learned from the NSA, @Stake, Veracode, and 20 years in cybersecurity - Security Conversations
This week on Security Conversations, Ryan sits down with Chris Eng, former Chief Research Officer at Veracode, to talk about life after nearly two decades […]
https://securityconversations.com/episode/chris-eng-on-lessons-learned-from-the-nsa-stake-veracode-and-20-years-in-cybersecurity/
about 1 month ago
3
4
4
This week's show is up on YouTube. We dig into an Oracle vuln leading to ransomware extortion campaigns
youtu.be/519suxip6uM
loading . . .
Oracle cl0p ransomware crisis, EU drone sightings, Cisco bootkit fallout
YouTube video by Three Buddy Problem
https://youtu.be/519suxip6uM
about 1 month ago
0
6
0
We're streaming live to YouTube in ~20 mins. Come hang out with us
www.youtube.com/watch?v=zjdh...
loading . . .
Three Buddy Problem (Episode 66)
YouTube video by Three Buddy Problem
https://www.youtube.com/watch?v=zjdhfWFt2LE
about 1 month ago
0
5
5
reposted by
Ryan Naraine
Costin with some advice for threat hunters
@craiu.bsky.social
@jags.bsky.social
youtube.com/shorts/z6fX1...
loading . . .
Costin's advice for threat hunters: Look at Ukraine CERT reports
YouTube video by Three Buddy Problem
https://youtube.com/shorts/z6fX1LDv5sw?si=ICyEMzk4tJ8ZnPc0
about 1 month ago
1
7
3
reposted by
Ryan Naraine
The three buddies back together for a fresh problem.
@craiu.bsky.social
@jags.bsky.social
WATCH on YouTube
youtu.be/yBrNMWvYQ6A?...
loading . . .
Cisco firewall zero-days and bootkits in the wild
YouTube video by Three Buddy Problem
https://youtu.be/yBrNMWvYQ6A?si=rwUPcxOOqAXGL265
about 1 month ago
1
7
5
Costin with some advice for threat hunters
@craiu.bsky.social
@jags.bsky.social
youtube.com/shorts/z6fX1...
loading . . .
Costin's advice for threat hunters: Look at Ukraine CERT reports
YouTube video by Three Buddy Problem
https://youtube.com/shorts/z6fX1LDv5sw?si=ICyEMzk4tJ8ZnPc0
about 1 month ago
1
7
3
Watch on YouTube
youtu.be/yBrNMWvYQ6A
add a skeleton here at some point
about 1 month ago
0
2
1
This week's pod is up on Spotify
open.spotify.com/episode/5c5t...
loading . . .
Cisco firewall zero-days and bootkits in the wild
https://open.spotify.com/episode/5c5tUsiZAysN1CzzavJroi?si=2W_Cx4zBTdOnIniDQ4Q-gQ
about 1 month ago
0
3
3
The three buddies back together for a fresh problem.
@craiu.bsky.social
@jags.bsky.social
WATCH on YouTube
youtu.be/yBrNMWvYQ6A?...
loading . . .
Cisco firewall zero-days and bootkits in the wild
YouTube video by Three Buddy Problem
https://youtu.be/yBrNMWvYQ6A?si=rwUPcxOOqAXGL265
about 1 month ago
1
7
5
reposted by
Ryan Naraine
Human Rights Center
about 1 month ago
HRC Senior Director
@lindsaysfreeman.bsky.social
cial joined
@sentinellabs.bsky.social
's Juan Andres Guerrero-Saade and
@ryanaraine.bsky.social
to discuss the Wagner Group’s war crimes in Mali at
#LABScon25
for The Three Buddy Problem podcast. Full episode here:
www.youtube.com/watch?v=XOAa...
loading . . .
0
4
2
reposted by
Ryan Naraine
NEW!! TBP x LABScon live podcasts! 😍 Visi Stark on lessons from the APT1 report
youtu.be/CTFd6KyiQzU
Lindsay Freeman on tracking war criminals on social media
youtu.be/XOAaLN4zmGc
Aurora Johnson/Trevor HIlligoss on flushing China's 'Internet Toilets'
youtu.be/2g_DgVSaSvI
loading . . .
Live at LABScon: Visi Stark shares memories of creating the APT1 report
YouTube video by Three Buddy Problem
https://youtu.be/CTFd6KyiQzU
about 2 months ago
0
5
3
reposted by
Ryan Naraine
WATCH: A conversation with Visi Stark on nation-state stuff
@invisig0th.bsky.social
@jags.bsky.social
youtu.be/CTFd6KyiQzU?...
about 2 months ago
0
8
4
reposted by
Ryan Naraine
Alex Matrosov
about 2 months ago
This research demonstrates how easily full persistence can be achieved on Supermicro BMC, allowing complete takeover of the server. - CVE-2025-7937: bypassed “fix” for CVE-2024-10237. - CVE-2025-6198: Supermicro RoT bypass.
www.binarly.io/blog/broken-...
1
2
2
WATCH: A conversation with Visi Stark on nation-state stuff
@invisig0th.bsky.social
@jags.bsky.social
youtu.be/CTFd6KyiQzU?...
about 2 months ago
0
8
4
NEW!! TBP x LABScon live podcasts! 😍 Visi Stark on lessons from the APT1 report
youtu.be/CTFd6KyiQzU
Lindsay Freeman on tracking war criminals on social media
youtu.be/XOAaLN4zmGc
Aurora Johnson/Trevor HIlligoss on flushing China's 'Internet Toilets'
youtu.be/2g_DgVSaSvI
loading . . .
Live at LABScon: Visi Stark shares memories of creating the APT1 report
YouTube video by Three Buddy Problem
https://youtu.be/CTFd6KyiQzU
about 2 months ago
0
5
3
reposted by
Ryan Naraine
Coming up on the Three Buddy Problem podcast feed this week, live interviews from LABScon! - Lindsay Freeman, Human Rights Center, UC Berkeley School of Law. - Visi Stark, Co-founder, Vertex Project - Aurora Johnson and Trevor Hilligoss (SpyCloud) Sub and listen
pod.link/1414525622
loading . . .
https://pod.link/1414525622
about 2 months ago
0
7
5
Coming up on the Three Buddy Problem podcast feed this week, live interviews from LABScon! - Lindsay Freeman, Human Rights Center, UC Berkeley School of Law. - Visi Stark, Co-founder, Vertex Project - Aurora Johnson and Trevor Hilligoss (SpyCloud) Sub and listen
pod.link/1414525622
loading . . .
https://pod.link/1414525622
about 2 months ago
0
7
5
reposted by
Ryan Naraine
5 months ago
@craiu.bsky.social
I liked your thoughts about logging all iOS network traffic on the latest Three Buddy Problem. What are your thoughts around mitigating how Apple allows many of their services — notably Messages — to bypass VPN?
0
1
1
reposted by
Ryan Naraine
NEW! This week's Three Buddy Problem is live on all platforms! - YouTube (livestream replay)
youtube.com/watch?v=aflo...
- Apple Podcasts
podcasts.apple.com/us/podcast/s...
- Spotify
open.spotify.com/show/6dXbRag...
loading . . .
LIVESTREAM: Salt Typhoon IOCs, China APT report, Google 'disruption unit'
YouTube video by Three Buddy Problem
https://youtube.com/watch?v=afloDxM0_dg&t=2761s&ab_channel=ThreeBuddyProblem
2 months ago
0
1
1
TBP HEADS-UP: Due to travel and Chinacon and life stuff, we are skipping the pod this week.
@craiu.bsky.social
@jags.bsky.social
Lots of time to catch up, like and subscribe 👊🏽✊🏽
www.youtube.com/@ryanaraine/...
loading . . .
Three Buddy Problem
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privac...
https://www.youtube.com/@ryanaraine/videos
2 months ago
1
0
0
Load more
feeds!
log in
