Sign up to save your podcasts
Or
Share LLMs writing exploits, engineers losing skills, and a case for the generative OS
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
LLMs writing exploits, engineers losing skills, and a case for the generative OS
(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)
Three Buddy Problem - Episode 92: Costin walks through real-world ransomware incident response while Juanito makes the case for AI-generated operating systems that never run anyone else's code. Plus, debates on whether vulnerability research is cooked, why nobody should pay ransoms, and what the security industry looks like after the massive AI flood.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
0:00 – Introductory banter
2:00 – Costin's ransomware incident response work
3:30 – How attackers break in: Fortinet vulnerabilities everywhere
6:30 – Hunting for ransomware decryption keys
9:00 – Breaking into ransomware C2s and monitoring leak sites
12:00 – The ransom payment debate: should you ever pay?
16:00 – Why "don't pay the ransom" is overgeneralized
21:00 – How ransomware gangs price their demands
24:00 – The AI-pilling of the security industry
28:30 – Nicholas Carlini, Ptacek, and "vulnerability research is cooked"
35:00 – Towards a generative-first operating system
41:00 – Code factories, trusted computing, and killing dependencies
48:00 – Microsoft and Apple's AI positioning
56:00 – Chris St. Myers' "Cognitive Rust Belt" essay
1:18:00 – Choice, The Matrix, and the illusion of control
1:38:00 – Supply chain attacks, North Korea, and dependency sprawl
Links:
- Transcript
- Nicholas Carlini - Black-hat LLMs
- Ptacek: Vulnerability Research Is Cooked
- Chris St Myers: Why Organizations Are Confusing Temporary Friction with Permanent Safety
- Dan Geer: Children of the Magenta
- Calif: Month of AI-Discovered Bugs
- Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell
- Internet Bug Bounty Pauses Bug Bounty Program
- Node.js Bug Bounty Program Paused Due to Loss of Funding
- Elastic: How we caught the Axios supply chain attack
- Elastic tool: supply-chain-monitor
- Apple Will Push Out Rare ‘Backported’ Patches to iOS 18 Users
- WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware
- The Human-Machine Team
- Arsenal Recon Tool
- TLPBLACK
View all episodes
By Security Conversations
4.9
6161 ratings
(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)
Three Buddy Problem - Episode 92: Costin walks through real-world ransomware incident response while Juanito makes the case for AI-generated operating systems that never run anyone else's code. Plus, debates on whether vulnerability research is cooked, why nobody should pay ransoms, and what the security industry looks like after the massive AI flood.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
0:00 – Introductory banter
2:00 – Costin's ransomware incident response work
3:30 – How attackers break in: Fortinet vulnerabilities everywhere
6:30 – Hunting for ransomware decryption keys
9:00 – Breaking into ransomware C2s and monitoring leak sites
12:00 – The ransom payment debate: should you ever pay?
16:00 – Why "don't pay the ransom" is overgeneralized
21:00 – How ransomware gangs price their demands
24:00 – The AI-pilling of the security industry
28:30 – Nicholas Carlini, Ptacek, and "vulnerability research is cooked"
35:00 – Towards a generative-first operating system
41:00 – Code factories, trusted computing, and killing dependencies
48:00 – Microsoft and Apple's AI positioning
56:00 – Chris St. Myers' "Cognitive Rust Belt" essay
1:18:00 – Choice, The Matrix, and the illusion of control
1:38:00 – Supply chain attacks, North Korea, and dependency sprawl
Links:
- Transcript
- Nicholas Carlini - Black-hat LLMs
- Ptacek: Vulnerability Research Is Cooked
- Chris St Myers: Why Organizations Are Confusing Temporary Friction with Permanent Safety
- Dan Geer: Children of the Magenta
- Calif: Month of AI-Discovered Bugs
- Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell
- Internet Bug Bounty Pauses Bug Bounty Program
- Node.js Bug Bounty Program Paused Due to Loss of Funding
- Elastic: How we caught the Axios supply chain attack
- Elastic tool: supply-chain-monitor
- Apple Will Push Out Rare ‘Backported’ Patches to iOS 18 Users
- WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware
- The Human-Machine Team
- Arsenal Recon Tool
- TLPBLACK
More shows like Three Buddy Problem
View all
Hacked
187 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,028 Listeners
Smashing Security
317 Listeners
Click Here
418 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
195 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
Risky Bulletin
45 Listeners
The 404 Media Podcast
398 Listeners