Below the Surface (Audio) - The Supply Chain Security Podcast
A lively discussion of the threats affecting the supply chain, specifically focused on firmware and low-level code, which is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential solutions. Get the Supply Chain Security Toolkit from Eclypsium here: https://eclypsium.com/go
YellowKey, CVE Enrichment, Chipmaker Breach - BTS #74
05/19/2026
In this episode, we explore recent vulnerabilities, the YellowKey BitLocker bypass, supply chain security, CVE data analysis, and the implications of hardware breaches like the one at Foxconn. We also delve into AI's role in vulnerability research and the evolving landscape of cybersecurity threats.
Chapters:
00:00 Introduction to Vulnerability Research and AI
03:42 NIST and CVE Growth Challenges
06:46 Building Tools for CVE Analysis
10:58 The Complexity of CVSS Scoring
15:08 CISA's Role in Vulnerability Enrichment
18:06 Challenges in CWE and CPE Data
19:55 The Future of Vulnerability Research
27:18 BitLocker Bypass: A Case Study
33:05 Exploring the Complexity of Windows Features
34:49 Speculation on Microsoft and Conspiracy Theories
35:57 The Impact of BIOS Passwords on Security
39:12 The Foxconn Breach: A Major Data Compromise
47:34 Supply Chain Attacks on Package Managers
51:13 Deceptive Techniques in Cybersecurity
/episode/index/show/belowthesurfacesw/id/41352305
Uncovering Firmware Risks: From Y2K to Modern Malware - BTS #73
05/07/2026
In this episode of Below the Surface, hosts Paul Asadoorian, Chase Snyder, and guest Brian Richardson explore the evolution of firmware security, the risks of supply chain vulnerabilities, and the latest threats targeting network edge devices like Cisco ASA and FTD. They discuss historical malware like the Chernobyl virus, modern malware campaigns such as Firestarter, and the challenges of securing complex network infrastructure in a rapidly evolving threat landscape.
Links:
https://www.linkedin.com/news/story/white-house-pushes-back-on-anthropics-mythos-expansion-8741242/
https://www.tomshardware.com/tech-industry/cyber-security/the-chernobyl-virus-turned-27-today-and-it-could-brick-your-pc-in-ways-modern-malware-cant
https://blog.talosintelligence.com/uat-4356-firestarter/
Chapters:
00:00 Introduction to Below the Surface
02:20 Brian's Transition to Eclypsium
03:50 The Y2K Experience and Early Virus Detection
06:31 The CIH Virus and Its Impact
10:12 BIOS Security and Vulnerabilities
14:10 The Importance of Firmware Lockdown
18:09 Modern Threats and UEFI Attacks
22:13 Targeted Malware and Ransomware Risks
25:21 Creative Concepts in Cybersecurity
26:20 Emerging Threats: Firestarter Malware
30:54 The Security of Network Devices
35:17 Challenges in Managing Security Appliances
39:52 Persistence of Malware and Its Implications
43:02 The Evolving Landscape of Cyber Threats
49:44 AI and Cybersecurity: The Anthropic Dilemma
/episode/index/show/belowthesurfacesw/id/41206915
AI-Powered Firmware Hacking: The Future of Vulnerability Discovery - BTS #72
04/17/2026
In this episode, the hosts explore the latest in cybersecurity, including AI-driven vulnerability discovery, firmware analysis tools, secure boot complexities, and recent CVE trends. They discuss practical techniques for hacking devices, the challenges of firmware emulation, and the implications of new security policies on consumer and enterprise hardware.
Chapters:
00:00 Introduction to Hacking and Security Updates
03:24 Exploring Samsung TV Hacking
06:34 AI in Vulnerability Research
11:17 The Role of AI in Exploiting Vulnerabilities
15:18 CVE Disclosure and Ethical Considerations
20:43 AI Tools and Instrumentation in Development
24:41 Emerging Tools for Firmware Analysis
28:14 Navigating Linux Security Challenges
29:12 The Surge of CVEs: Understanding the Growth
31:29 The Role of AI in Vulnerability Discovery
34:50 CVE Enrichment: The Need for Contextual Data
36:57 Microsoft's Secure Boot: A Double-Edged Sword
46:43 Vulnerabilities in Bootloaders: A Case Study
51:25 The Complexity of Secure Boot Management
53:24 Regulatory Challenges in Router Security
/episode/index/show/belowthesurfacesw/id/40914155
What Makes a Device a Router? - BTS #71
04/07/2026
In this episode, the hosts discuss the new FCC regulations regarding consumer routers, exploring the implications for cybersecurity, the definitions of what constitutes a router, and the challenges of manufacturing compliant devices. They delve into the debate surrounding the effectiveness of these regulations in mitigating cyber risks, the role of hardware versus software vulnerabilities, and the potential impact on consumers and existing devices in homes. In the second half of the conversation, the hosts discuss the implications of the FCC's decision to decertify routers and firmware, the challenges posed by the conditional approval process, and the potential impact on router security and availability. They explore conspiracy theories surrounding the regulations, compare US and EU cybersecurity standards, and address the complexities of hardware backdoors and default credentials. The conversation highlights the need for better security practices and the importance of addressing vulnerabilities in enterprise devices.
Chapters:
00:00 Introduction to FCC Regulations on Routers
02:35 The Impact of FCC Regulations on Consumer Devices
05:03 Defining What Constitutes a Router
09:51 The Security Implications of Router Regulations
12:41 The Role of Hardware vs. Software in Cybersecurity
17:11 Challenges in Manufacturing and Compliance
21:40 Consumer Impact and Existing Devices
25:59 The Future of Networking Devices and Regulations
29:48 Decertification of Routers and Firmware Challenges
31:58 Conditional Approval Process and Its Implications
34:40 Proposed Solutions for Router Security Standards
36:53 Conspiracy Theories Surrounding Router Regulations
39:26 The Impact of Regulations on Router Availability and Pricing
42:05 Comparing US and EU Cybersecurity Regulations
46:11 The Complexity of Hardware Backdoors and Security
49:11 Addressing Default Credentials and Vulnerabilities
52:02 Conditional Approval Guidance and Its Flaws
54:56 Recent Vulnerabilities in Enterprise Devices
/episode/index/show/belowthesurfacesw/id/40764990
How Cheap KVMs Could Be Your Network's Weak Link - BTS #70
03/25/2026
In this episode, we explore the security vulnerabilities of low-cost IP-based KVMs, including firmware flaws, default credentials, and insecure update mechanisms. Two Eclypsium researchers, Paul and Rey, discovered the vulnerabilities and share the details, including the behind-the-scenes story! We also discuss real-world testing, vendor responses, and best practices for securing remote management devices in enterprise environments.
Chapters:
00:00 Introduction to KVM Vulnerabilities
03:00 Research Background and Team Introduction
05:57 Exploring GL.iNet and Initial Findings
09:03 Firmware Analysis and Security Expectations
11:58 Vulnerability Disclosure and Response
15:07 Enterprise Risks and Deployment Concerns
17:59 Security Best Practices for KVMs
21:06 Vendor Responses and Community Engagement
23:49 Unique Vulnerabilities in SiP and JetKVM
27:01 Conclusion and Future Directions
31:26 Vulnerability Research and Tool Development
34:14 Vendor Communication and Disclosure Challenges
37:51 Firmware Update Issues and Security Concerns
39:12 The Importance of Reviews and Brand Trust
41:42 Security Best Practices for KVMs
45:38 Network Segmentation and Device Security
49:26 Discovering IoT Devices on the Network
52:11 Open Source Solutions and Community Engagement
55:58 The Future of KVM Security and Regulation
/episode/index/show/belowthesurfacesw/id/40623610
Navigating Network Edge Vulnerabilities - BTS #69
03/05/2026
In this episode of Below the Surface, Paul Asadoorian, Vlad Babkin, and Adrian Sanabria discuss the ongoing vulnerabilities in network edge devices, the implications of legacy systems like Ivanti, and the strategies employed by threat actors. They explore the importance of monitoring and detection in cybersecurity, as well as innovative deception techniques to enhance security measures against exploitation. In the second half of the conversation, the speakers delve into various aspects of cybersecurity, including innovative strategies to enhance security, the challenges posed by vendor cooperation, the implications of cyber insurance, and the importance of visibility in threat detection. They discuss the use of canary tokens, the exploitation of edge devices, and the reality of zero-day vulnerabilities. The conversation also touches on the need for firmware updates, the shift towards open-source solutions, and the role of AI in developing cybersecurity tools.
Chapters:
00:00 Introduction to Below the Surface Podcast
03:27 Network Edge Vulnerabilities and Trends
10:02 Understanding Ivanti and Its Impact
12:44 The Consequences of Legacy Systems
18:03 Exploitation Techniques and Threat Actor Strategies
26:50 The Importance of Monitoring and Detection
31:14 Deception Techniques for Enhanced Security
32:55 Leveraging Canary Tokens for Enhanced Security
34:41 The Challenge of Vendor Cooperation in Cybersecurity
35:30 Understanding Cyber Insurance and Its Implications
36:25 The Importance of Visibility in Cyber Defense
39:12 Utilizing Low-Interaction Honeypots for Threat Intelligence
41:48 Exploiting Vulnerabilities in Edge Devices
43:27 The Reality of Zero-Day Vulnerabilities
45:04 Analyzing Recent Exploits in Network Devices
49:02 The Need for Firmware Updates and Alternatives
50:33 Exploring Tailscale and Remote Access Solutions
54:33 Building Secure Lab Environments
56:52 The Shift Towards Open Source in Cybersecurity
01:00:27 Innovations in Memory Forensics
01:03:02 AI's Role in Enhancing Cybersecurity Tools
/episode/index/show/belowthesurfacesw/id/40327090
Attacking Power Grids - BTS #68
02/11/2026
In this episode, the hosts discuss various cybersecurity threats, including Russian cyber attacks on critical infrastructure, the vulnerabilities in firewalls and VPNs, and the implications of AI in cybersecurity. They explore the increasing trend of using Python for malicious purposes and the challenges posed by gaming anti-cheat drivers. The conversation also touches on the escalation of cyber warfare and the confused deputy problem in AI, highlighting the need for better security measures and awareness in the industry.
Chapters:
00:00 Introduction to Cybersecurity Threats
02:52 Russian Cyber Attacks on Poland's Power Grid
10:33 The Flaws in Firewall Security
15:02 AI and the Future of Cybersecurity
22:22 Exploiting Vulnerabilities in Gaming Anti-Cheat Drivers
29:47 Driver Attestation and Security Transparency
35:17 Critical Infrastructure and Cybersecurity Threats
39:50 Linux Malware and Python Exploits
45:47 Firmware Complexity and Security Risks
51:19 Cyber Insurance and Responsibility in Cybersecurity
56:52 Confused Deputy Attack and AI Security Risks
/episode/index/show/belowthesurfacesw/id/40074585
BIOS Password Cracking, Secure Boot, and Stackwarp - BTS #67
01/27/2026
In this episode, the hosts discuss various cybersecurity topics, including the challenges of BIOS password cracking, the implications of AMD's Stack Warp vulnerability, and the importance of up-to-date secure boot certificates. They also explore the risks associated with network security appliances, the costs of cybersecurity, and the role of marketing in raising awareness. Additionally, they share insights from an X-ray analysis of USB cables, highlighting the differences between quality and counterfeit products.
Takeaways:
* BIOS password cracking can be complex and time-consuming.
* Physical access to hardware can significantly impact security measures.
* The Stack Warp vulnerability poses serious risks to virtual machines.
* Secure boot certificates need regular updates to maintain security.
* Network security appliances can introduce new vulnerabilities.
* Cybersecurity costs often outweigh the perceived benefits of cloud solutions.
* Marketing plays a crucial role in raising awareness about cybersecurity issues.
* X-ray analysis can reveal the quality of electronic components.
* Understanding the shared responsibility model is essential for IT teams.
* The balance between security and operational efficiency is a constant challenge.
Chapters:
01:59 Introduction to Below the Surface Podcast
04:46 BIOS Password Cracking Techniques
10:14 Exploring AMD's Stack Warp Vulnerability
22:03 Migration Trends in Cloud Computing
23:22 Cost vs. Security in On-Premises Solutions
24:37 Shared Responsibility in Network Security Appliances
27:03 The Risks of Network Security Appliances
28:14 Exploitation of Vulnerabilities in Network Devices
31:18 Challenges in Updating Network Security Appliances
34:59 The Slow Response to Vulnerabilities
39:05 The Complexity of Firmware Updates
45:45 Secure Boot Certificates and Future Vulnerabilities
49:12 Fun Innovations: X-ray Machine in the Office
/episode/index/show/belowthesurfacesw/id/39890720
Beyond the Label: The Truth About Hardware Trust - BTS #66
01/15/2026
In this episode of Below the Surface, host Paul Asadoorian is joined by co-hosts Larry Pesce, Joshua Marpet, and Vlad Babkin to delve into the complexities of hardware supply chain security. The discussion is sparked by a presentation from Andrew 'Bunny' Wong at Black Hat Asia, which raised critical questions about how we can trust the silicon in our devices. The conversation explores the challenges of validating hardware components, the potential for backdoors in devices, and the implications of counterfeit components in the supply chain. The hosts share anecdotes and insights about their experiences with hardware security, emphasizing the need for independent testing and the importance of understanding the provenance of hardware components.
Chapters:
00:00 Introduction to Hardware Supply Chain Security
02:53 Understanding Trust in Silicon
05:55 Challenges in Validating Hardware Components
09:01 Historical Context of Hardware Tampering
11:58 The Complexity of Supply Chains
14:55 Operationalizing Hardware Validation
18:01 The Role of Independent Researchers
20:59 Bounties and Community Involvement
23:56 Innovative Techniques for Hardware Analysis
27:06 The Future of Hardware Security
31:57 The Evolution of Computing: From Transistors to Quantum
36:11 Understanding Hardware Trust and Supply Chain Risks
41:52 The Need for Continuous Monitoring and Assurance
55:31 The Future of High Assurance Devices and Backdoors
/episode/index/show/belowthesurfacesw/id/39747955
Exploring AI in Firmware Analysis - BTS #65
12/15/2025
In this episode, special guest Matt Brown joins us to discuss the integration of AI in firmware analysis, exploring its benefits and challenges. We delve into the transition from traditional methods to AI-driven approaches, emphasizing the importance of prompt specificity for effective vulnerability discovery. The conversation also covers the role of open-source components, the need for guardrails in AI use, and the implications of AI-generated reports in cybersecurity. Additionally, we touch on man-in-the-middle techniques and the future of AI in firmware development, highlighting the creative monetization of vulnerabilities in IoT devices.
Takeaways:
* AI is revolutionizing firmware analysis and vulnerability discovery.
* Specificity in prompts is crucial for effective AI usage.
* Open-source components can enhance analysis results significantly.
* Guardrails are necessary to prevent AI from executing harmful commands.
* AI can assist in code refactoring and documentation generation.
* NTP spoofing can reveal vulnerabilities in time-sensitive applications.
* AI-generated reports may lead to false positives in vulnerability assessments.
* Man-in-the-middle techniques are essential for testing device security.
* The future of AI in firmware development is promising but complex.
* Understanding the context of vulnerabilities is key to accurate reporting.
Chapters:
00:00 Introduction to Firmware Analysis and AI Tools
01:54 Transitioning from Traditional Tools to AI
04:28 Specific Techniques for Vulnerability Discovery
06:29 Dynamic Analysis vs. Static Analysis
08:30 Using AI for Code Generation and Documentation
11:43 Interacting with Firmware and Devices
15:57 Creating Custom Tools and Skills for AI
18:53 Recent Projects and Use Cases in Firmware Analysis
22:48 Challenges and Risks of Using AI in Security Research
28:36 The Future of AI in Firmware Development
29:43 AI in Code Review and Vulnerability Detection
33:35 Limitations of AI in Understanding Logic
37:54 Challenges with AI-Generated Vulnerability Reports
43:13 Man-in-the-Middle Techniques and Tools
53:24 Exploring IoT Device Vulnerabilities
/episode/index/show/belowthesurfacesw/id/39415780
Patching, Evil AI, Supply Chain Breaches - BTS #64
11/24/2025
In this episode, the hosts discuss various cybersecurity topics, including recent vulnerabilities in Fortinet products, the implications of supply chain breaches, the evolving role of AI in cybersecurity, and updates to the OWASP Top 10 list. They emphasize the importance of firmware security and the need for better visibility and standards in the industry. The conversation highlights the challenges faced by defenders in a rapidly changing threat landscape and the necessity for proactive measures to secure systems.
Takeaways:
* Fortinet vulnerabilities are critical and require immediate attention.
* Silent patches can lead to significant security risks.
* AI is being used by both attackers and defenders in cybersecurity.
* The OWASP Top 10 has been updated to include software supply chain failures.
* Firmware security is often overlooked but is essential for device safety.
* Supply chain breaches can have far-reaching implications for organizations.
* Visibility into firmware and device security is lacking in the industry.
* Standards for software security are necessary to protect against vulnerabilities.
* Defenders need better tools to combat evolving threats.
* The cybersecurity landscape is becoming increasingly complex and interconnected.
Chapters:
00:00 Introduction and Technical Setup
03:08 Fortinet Vulnerabilities and Exploits
06:05 Public Exploits and Path Traversal Vulnerabilities
09:00 Chaining Vulnerabilities and Risk Assessment
11:50 Authentication and Vulnerability Scoring
15:04 Operational Complexity in Patch Management
17:55 Silent Patches and Their Implications
20:58 Challenges with Network Device Security
24:55 Cyber Insurance and Vulnerability Trends
27:58 The Impact of Silent Patches
30:46 End of Life Devices and Legacy Systems
34:58 Supply Chain Security and Source Code Theft
39:44 AI in Cybersecurity: Opportunities and Threats
47:17 Navigating AI's Guardrails and Malicious Use Cases
49:24 The Dilemma of AI and Harmful Intentions
52:44 The Need for Researcher Access to AI Tools
58:36 OWASP Top 10 Updates and Supply Chain Security
01:05:12 The Challenges of Firmware and Device Security
/episode/index/show/belowthesurfacesw/id/39151365
F5 Breach, Linux Malware, and Hacking Banks - BTS #63
10/30/2025
In this episode of Below the Surface, Paul Asadoorian and Chase Snyder delve into various cybersecurity topics, including the use of Raspberry Pi in cyber attacks, the implications of the F5 breach, and the emergence of Polar Edge malware targeting QNAP devices. They also discuss the innovative Two-Face Rust binary technique, the critical nature of authentication bypass vulnerabilities, and the evolving landscape of air-gapped systems. The conversation highlights the increasing risk posed by old vulnerabilities and the need for improved security measures in the face of advancing cyber threats.
Articles:
/episode/index/show/belowthesurfacesw/id/38850710
Unpacking the F5 Breach, Framework UEFI Shells - BTS #62
10/21/2025
In this episode, the hosts discuss the recent F5 breach, exploring the implications of the attack, the tactics used by threat actors, and the importance of vulnerability disclosure. They delve into the complexities of securing network edge devices, the challenges posed by Linux security, and the need for standardization in security practices. The conversation also touches on the future of firmware security and the necessity for proactive measures in incident response. We also close out the show talking about the recent Framework UEFI shell vulnerability.
Chapters:
00:00 Introduction to F5 Breach and UEFI Secure Boot Bypass
02:16 Details of the F5 Breach
04:59 Threat Actor Analysis and Implications
07:18 Vulnerability Disclosure and Exploitation Risks
10:17 Security Measures and Key Management
12:57 Proactive Defense Strategies
15:52 The Evolving Threat Landscape
18:41 Challenges in Securing Network Devices
21:10 Linux Security and Customization Issues
25:16 Kernel Customization Challenges
27:08 Security Through Obscurity
29:04 Application Security and Development Practices
33:59 Framework's UEFI Shell Vulnerability
38:22 Interdependency in Technology Ecosystems
41:48 The Need for Transparency in Signed Software
/episode/index/show/belowthesurfacesw/id/38730290
Red November, Cisco Vulnerabilities, and Supply Chain Security - BTS #61
10/08/2025
In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the Red November campaign targeting network edge devices, the implications of the Cisco SNMP vulnerability, and the recent vulnerabilities associated with Cisco ASA devices. They also delve into the hybrid Petya ransomware and its connection to supply chain security, emphasizing the need for better visibility and security measures in network devices.
Chapters:
00:00 Introduction and Overview of Cybersecurity Trends
02:09 Red November Campaign: Targeting Network Edge Devices
11:06 The Shift in Attack Vectors: From Windows to Network Edge
14:59 Cisco SNMP Vulnerability: A Legacy Issue
21:21 The Implications of Targeting Network Edge Devices
28:20 Addressing Legacy Issues in Cybersecurity
29:41 Emerging Threats in Cybersecurity
32:19 The Age of Vulnerabilities
33:40 The Importance of Asset Inventory
35:38 Challenges in Device Security
37:22 Visibility and Detection Limitations
39:28 Vendor Responses to Vulnerabilities
41:24 Supply Chain Security Crisis
46:59 Understanding Hybrid Petya
52:11 The Evolution of Attack Techniques
/episode/index/show/belowthesurfacesw/id/38512960
HybridPetya and UEFI Threats - BTS #60
09/22/2025
In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the evolution of malware with a focus on Hybrid Petya, the implications of UEFI vulnerabilities, and the security risks associated with Windows 10's end of life. They also explore the vulnerabilities of Cisco ASA devices, the rise of supply chain attacks exemplified by NPM worms, and the persistent threat of Row Hammer attacks on DDR5 technology. The conversation highlights the significance of visibility in cybersecurity and the necessity for enhanced security practices to counter evolving threats.
Chapters:
00:00 Introduction and Podcast Overview
02:55 Hybrid Petya: The New Threat Landscape
06:03 Understanding UEFI and Secure Boot Vulnerabilities
09:00 The Evolution of Ransomware Techniques
11:54 Windows 10 End of Life Concerns
14:56 The Future of Secure Boot and User Responsibility
22:50 The Shift in Consumer Trust Towards Microsoft
25:11 The Rise of Alternatives: Linux and SteamOS
28:41 Security Concerns with Windows 10 and 11
31:57 Exploiting End-of-Life Devices
36:39 The Challenge of Legacy Infrastructure
39:41 VPN Security: Risks and Solutions
45:40 The Dilemma of Compliance and Visibility
50:16 Supply Chain Vulnerabilities and NPM Attacks
55:54 The Rowhammer Attack and Hardware Security
01:03:40 The Need for Visibility and Signatures in Security
/episode/index/show/belowthesurfacesw/id/38314685
Exploit Marketplaces - BTS #59
09/10/2025
In this episode of Below the Surface, host Paul Asadoorian speaks with Evan Dornbush, CEO of Desired Effect, about the evolving landscape of exploit marketplaces and vulnerability research. They discuss the challenges researchers face in monetizing their findings, the ethical implications of selling exploits, and the importance of timely intelligence for defenders. The conversation also touches on the role of AI in vulnerability research, the dynamics between buyers and sellers in the marketplace, and the impact of end-of-life devices on cybersecurity. Overall, the episode provides valuable insights into the complexities of the exploit marketplace and the need for a more proactive approach to cybersecurity.
Chapters:
00:00 Introduction to Desired Effect and Evan Dornbush
02:35 The Evolution of Exploit Marketplaces
05:06 Monetizing Vulnerability Research
07:46 The Role of Disclosure in Exploit Sales
10:28 Understanding the Value of Exploits
13:14 Ethics and Motivations in Vulnerability Research
15:51 Validation of Vulnerabilities and Exploits
18:29 Buyer Vetting and Market Dynamics
21:31 Proactive Defense Strategies
24:32 Market Insights and Future Trends
27:43 The Marketplace for Exploits
31:08 The Role of Researchers and Vendors
34:51 The Asymmetry in Cybersecurity
38:03 Economic Incentives in Cybersecurity
40:25 The Complexity of Risk Management
43:57 The Future of Exploit Disclosure
47:23 The Role of AI in Cybersecurity
53:31 Closing Thoughts on Exploit Ethics
/episode/index/show/belowthesurfacesw/id/38170855
UEFI Vulnerabilities and Hardware Risks - BTS #58
09/04/2025
In this episode, the hosts discuss various cybersecurity topics, focusing on hardware vulnerabilities, UEFI attack vectors, and the implications of new regulations on device security. They explore the evolution of Mirai variants targeting IoT devices and the challenges of securing firmware. The conversation highlights the need for improved security measures and the complexities of managing vulnerabilities in a rapidly changing technological landscape.
Chapters:
00:00 Introduction and Technical Challenges
02:37 Exploring UEFI Settings and Hardware Vulnerabilities
10:14 The Risks of UEFI Control and Physical Damage
16:33 Static Tundra: Cyber Espionage and Exploits
22:23 Targeting Vulnerable Infrastructure in Cyber Attacks
26:27 Emerging Threats in IoT and Network Devices
31:55 The Evolution of Malware: A Deep Dive
34:30 The Challenge of Securing IoT Devices
35:13 Impact of EU Cyber Resilience Act
38:14 Vulnerability Management and Vendor Responsibilities
41:54 Living Outside the Operating System: New Attack Vectors
/episode/index/show/belowthesurfacesw/id/38090735
Interview with Brian Mullen from AMI - BTS #57
08/15/2025
In this episode of Below the Surface, host Paul Asadoorian is joined by Brian Mullen, head of SSDLC at AMI, to discuss the complexities of supply chain and firmware security. They explore the challenges of maintaining security in a complicated supply chain, the importance of proactive and reactive security measures, and the implications of end-of-life software. The conversation also touches on the gaming industry's push for secure boot, recent vulnerabilities discovered in firmware, and the role of BMCs in security. Brian shares insights into AMI's approach to vulnerability management and the future of firmware security, including the significance of Software Bill of Materials (SBOMs).
Whitepaper: https://eclypsium.com/wp-content/uploads/OpenBMC-Security-in-Practice.pdf
Chapters:
00:00 Introduction and Technical Setup
01:46 The Challenges of Podcasting and Marketing
03:42 Understanding AMI and Its Role in Firmware Security
06:13 Supply Chain Complexity and Security Measures
08:49 Proactive vs Reactive Security in Firmware
11:17 The Importance of Stable Firmware in Security
13:54 Navigating Vulnerabilities in UEFI and OpenSSL
16:24 The Impact of Cherry-Picking Security Updates
19:11 Tracking Vulnerabilities Across the Supply Chain
21:50 Solutions for Data Center Firmware Management
24:21 Future Directions in Vulnerability Management
24:38 Navigating Vulnerability Management
28:30 End of Life and Support Challenges
31:55 Gaming Security and Anti-Cheat Mechanisms
35:38 The Complexity of Secure Boot Implementation
36:50 Recent Vulnerabilities and Security Research
39:44 Understanding BMC Security
43:34 Open Source and BMC Development
46:30 The Role of SBOMs in Security Compliance
/episode/index/show/belowthesurfacesw/id/37836700
BTS #56 - Vulnerabilities & Backdoors In IT Infrastructure
08/08/2025
In this episode, the hosts discuss various cybersecurity topics, focusing on Nvidia vulnerabilities, the implications of backdoors in technology, and the importance of secure boot and certificate management. They also delve into SonicWall's security challenges and the ongoing debate of building versus buying security solutions, particularly in the context of AI infrastructure and cloud services.
Articles and topics for this week:
- Secure Boot and certificates
- Researcher's previous paper on SMM and malware
- He presented at Black Hat last year on Option ROMs
- YouTube video
/episode/index/show/belowthesurfacesw/id/37738655
Netgear, Gigabyte, and Rowhammer Vulnerabilities - BTS #55
07/24/2025
In this episode of Below the Surface, the hosts discuss critical cybersecurity topics including vulnerabilities in Netgear and Gigabyte devices, the importance of asset inventory, and the implications of Row Hammer attacks on memory integrity. They emphasize the need for organizations to implement compensating controls and monitor for potential threats, especially in the context of supply chain security and IoT devices.
Chapters:
00:00 Introduction to Cybersecurity Challenges
02:20 Exploring Netgear's Role in Enterprise Security
09:08 The Impact of Shadow IT on Network Security
15:04 Firmware Integrity and Security Measures
18:05 Gigabyte's UEFI Vulnerabilities and Industry Implications
22:25 Understanding UEFI Vulnerabilities
28:46 Consumer vs. Enterprise Hardware Security
35:06 Monitoring and Mitigating Firmware Risks
41:11 The Impact of ECC on AI Performance
/episode/index/show/belowthesurfacesw/id/37534700
CVE-2024-54085: The First of Its Kind - BTS #54
07/08/2025
In this episode, the hosts delve into the critical vulnerabilities associated with Baseboard Management Controllers (BMCs), with a particular focus on CVE-2024-54085. They discuss the ease of exploitation, the potential threat actors involved, and the implications for data center security. The conversation highlights the challenges in detecting and mitigating these vulnerabilities, the importance of firmware updates, and the need for community tools to aid in vulnerability detection and mitigation. The episode concludes with a call to action for organizations to patch their systems and implement robust security measures.
Chapters:
00:00 Introduction to BMC Vulnerabilities
02:21 Exploring CVE-2024-54085
05:04 Understanding Exploitation and Threat Actors
07:47 The Implications of BMC Vulnerabilities
10:46 Mitigation Strategies and Challenges
13:35 The Future of BMC Security
28:36 Understanding BMC Vulnerabilities
36:24 The Importance of Disclosure and Community Tools
45:13 Navigating Firmware Updates and Vendor Challenges
52:19 Community Engagement and Future Considerations
/episode/index/show/belowthesurfacesw/id/37335565
Exploring the Evolution of Zero Trust - BTS #53
07/07/2025
In this episode, the hosts discuss the evolving landscape of AI infrastructure security, focusing on the complexities of building and maintaining AI data centers. They explore the critical role of Baseboard Management Controllers (BMCs) as an attack surface, the importance of supply chain security, and best practices for hardware procurement. The conversation underscores the importance of validating hardware and firmware integrity for organizations while also addressing the significant security risks associated with AI workloads. As AI data centers continue to grow, understanding these challenges and implementing robust security measures will be essential for future success.
Chapters
00:00 Introduction to Zero Trust and Its Evolution
03:33 Current State of Zero Trust Implementation
05:22 Micro-Segmentation and Infrastructure Security
10:02 Zero Trust and Lateral Movement Prevention
11:32 The Role of Zero Trust in Ransomware Defense
14:51 Chase Cunningham's Insights on Cyber Warfare
16:23 The Intersection of Cyber Warfare and Modern Conflicts
21:35 The Future of Warfare: Drones and Cybersecurity
24:01 Understanding the Drone Threat
28:28 The Evolution of Cyber Warfare
35:00 The State of Critical Infrastructure
39:26 The Economics of Breaches
44:29 Incentivizing Cybersecurity Improvements
/episode/index/show/belowthesurfacesw/id/37237840
Securing the Future of AI Infrastructure - BTS #52
07/01/2025
In this episode, the hosts discuss the evolving landscape of AI infrastructure security, focusing on the complexities of building and maintaining AI data centers. They explore the critical role of Baseboard Management Controllers (BMCs) as an attack surface, the importance of supply chain security, and best practices for hardware procurement. The conversation underscores the importance of validating hardware and firmware integrity for organizations while also addressing the significant security risks associated with AI workloads. As AI data centers continue to grow, understanding these challenges and implementing robust security measures will be essential for future success.
/episode/index/show/belowthesurfacesw/id/37237720
When Windows 10 Expires - BTS #51
05/30/2025
In this episode, the hosts discuss the impending end of life for Windows 10 and the necessary preparations for upgrading to Windows 11. They explore the specific hardware requirements for Windows 11, including the importance of Secure Boot and TPM 2.0, and the challenges enterprises face in managing large-scale migrations. The conversation underscores the importance of meticulous planning to prevent costly failures and the influence of legacy systems on the upgrade process. The speakers then discuss the implications of transitioning to Windows 11, focusing on the challenges posed by legacy systems, supply chain issues, and the importance of modern hardware for security. They delve into the BlackLotus UEFI bootkit and the necessary mitigations, emphasizing the need for organizations to validate their security controls and establish a robust trust framework. The discussion also highlights the growing importance of third-party risk management in cybersecurity, particularly in relation to supply chain security.
/episode/index/show/belowthesurfacesw/id/36789665
SBOMs, HBOMs, and Supply Chain Visibility - BTS #50
05/15/2025
Summary
In this episode, Paul Asadoorian and Joshua Marpet delve into the complexities of compliance, inventory management, and the emerging concepts of SBOMs, HBOMs, and FBOMs (no, not that FBOM). They discuss the importance of understanding the components and origins of hardware and software, the challenges of managing technology lifecycles, and the need for clear standards and regulations in the tech industry. The conversation emphasizes the critical role of asset inventories in maintaining security and compliance in an ever-evolving technological landscape. In the second half, Joshua Marpet and Paul Asadoorian delve into the complexities of hardware security, the cultural shifts needed in security practices, and the importance of transparency in software and firmware management. They discuss the challenges posed by hardware backdoors, the necessity of Software Bill of Materials (SBOMs), and the hidden risks associated with firmware updates. The dialogue emphasizes the need for a cultural change in how organizations approach security and compliance, advocating for continuous management and transparency to inspire confidence in security practices.
Chapters
00:00 Introduction and Technical Challenges
02:02 Exploring Compliance and Frameworks
05:06 Understanding S-bombs, H-bombs, and F-bombs
10:10 The Importance of Inventory and Asset Management
15:01 Navigating Hardware and Software Lifecycle
19:58 Standards and Regulations in Technology
23:56 The Manchurian Microchip and Hardware Backdoors
27:44 Cultural Change in Security Practices
30:47 The Importance of Transparency and SBOMs
36:39 Challenges in Compliance and Risk Management
42:42 The Hidden Risks of Firmware and Hardware Updates
/episode/index/show/belowthesurfacesw/id/36579515
The Hidden Risks of Open Source Components - BTS #49
05/06/2025
In this episode, Paul Asadoorian and Josh Bressers delve into the complexities of open source supply chain security, discussing the prevalence of open source components in modern software, the challenges posed by legacy systems, and the critical importance of vulnerability management. They explore the regulatory landscape surrounding software liability and the need for better tools and practices to ensure secure product development. The conversation highlights the necessity of understanding dependencies and the implications of consumer security in a market driven by features rather than security. In the second half, Josh Bressers and Paul discuss the importance of Software Bill of Materials (SBOMs) in enhancing supply chain security and vulnerability management. They explore the role of metadata in programming languages like Go and Rust, the challenges of accurately identifying vulnerabilities through CVEs, and the need for better automation in vulnerability detection. The discussion also touches on the potential of AI in identifying vulnerabilities, the introduction of tools like Syft and Grype for generating SBOMs and scanning for vulnerabilities, and the future implications of these technologies in software security.
/episode/index/show/belowthesurfacesw/id/36455395
Hardware Hacking Tips & Tricks - BTS #48
04/07/2025
In this episode, Paul and Chase delve into the world of hardware hacking, focusing on devices like the Flipper Zero and ESP32. They discuss the various applications of these tools, their impact on awareness in the hacking community, and the security implications surrounding their use. The conversation also touches on vulnerabilities in hotel security systems, challenges in remediating legacy systems, and the commoditization of hacking tools. Through practical examples and insights, the hosts explore the evolving landscape of cybersecurity and the role of hardware in it. In the second half, Paul and Chase discuss the accessibility of devices like the Flipper Zero and ESP32, the importance of supply chain security, and the real-world implications of vulnerabilities in firmware and bootloaders. They emphasize the need for validation in the supply chain and explore the growing overlap between hardware hacking and enterprise risk.
/episode/index/show/belowthesurfacesw/id/36041385
BMC&C Part 3 - BTS #47
03/19/2025
In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the latest vulnerability disclosures related to Baseboard Management Controllers (BMCs), specifically focusing on AMI MegaRAC and Redfish. They discuss the nature of the vulnerabilities, the discovery process, and the potential impacts of a BMC compromise. The conversation highlights the importance of understanding BMCs in the context of supply chain security and the risks associated with exposing these components to the internet. The second half focuses on the Redfish API and the potential for exploitation. The speakers discuss the implications of these vulnerabilities on hardware, the challenges faced by vendors in patching, and the importance of network segmentation and monitoring. They also highlight the limitations of logging and the effectiveness of Web Application Firewalls (WAFs) in this context. The discussion emphasizes the need for robust security measures to protect enterprise networks from potential attacks.
/episode/index/show/belowthesurfacesw/id/35776205
Black Basta - Threat Intelligence Insights - BTS #46
03/05/2025
In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the recent leaks from the Black Basta ransomware group, exploring the implications of the leaked chat logs, the operational tactics of the group, and the evolving landscape of ransomware attacks. The conversation highlights the importance of understanding threat intelligence derived from these leaks, the significance of targeting exposed devices, and the necessity of robust security measures to mitigate risks. In the second half, the speakers delve into the evolving tactics of ransomware groups, emphasizing the importance of understanding their operational scale and methodologies. They discuss the significance of early detection and the necessity for organizations to adopt robust defensive strategies, particularly in credential management and vulnerability monitoring. The conversation highlights the need for enterprises to harden their defenses against potential intrusions and the critical role of effective password management in mitigating risks.
/episode/index/show/belowthesurfacesw/id/35547550
Understanding Firmware Vulnerabilities in Network Appliances - BTS #45
02/06/2025
In this episode, Paul, Vlad, and Chase discuss the security challenges of Palo Alto devices and network appliances. They explore the vulnerabilities present in these devices, the importance of best practices in device management, and the need for automatic updates. The conversation highlights the evolving nature of firmware vulnerabilities and the necessity for compensating controls to mitigate risks. The hosts emphasize the responsibility of vendors to ensure their products are secure and the need for a shift in user expectations regarding security appliances. In the second half, the speakers discuss the pressing need for improved security standards in network appliances, the challenges posed by auto-updates and supply chain security, and the importance of implementing zero trust principles. They also delve into the role of firmware encryption and key management in enhancing security while emphasizing the necessity of monitoring and detection to safeguard against vulnerabilities.
/episode/index/show/belowthesurfacesw/id/35181615