Three Buddy Problem - Episode 23: Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. We dig into Volexity’s “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusions.

We also cover news on a Firefox zero-day exploited on the Tor browser, the professionalization of ransomware, ESET's discovery of a Linux bootkit (we have a scoop on the origins of this!), Binarly research on connections to LogoFAIL, and major visibility gaps in the firmware ecosystem.

Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Honorary buddy: Steven Adair (Volexity)

Links:

• Transcript (unedited, AI-generated)
• Steven Adair on LinkedIn
• The Nearest Neighbor Wi-Fi Attack
• Detecting Compromise of Palo Alto Networks GlobalProtect Devices
• Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days
• Volexity Warns of 'Active Exploitation' of Zimbra Zero-Day
• RomCom exploits Firefox and Windows zero days in the wild
• Bootkitty: Analyzing the first UEFI bootkit for Linux
• Binarly: LogoFAIL Exploited to Deploy Bootkitty
• T-Mobile statement on Salt Typhooon
• LABScon24 Replay -- Cristina Cifuentes