Costin G. Raiu
@craiu.bsky.social
Romanian antihacker from another planet. #threatintel #yara #chess #taekwondo black belt
Motto: "One reboot a day keeps the implant away"
Motto: "One reboot a day keeps the implant away"
Reposted by Costin G. Raiu
OpenAI's Dave Aitel on using Aardvark to audit cryptocurrency smart contracts @craiu.bsky.social @daveaitel.bsky.social
November 1, 2025 at 6:06 PM
OpenAI's Dave Aitel on using Aardvark to audit cryptocurrency smart contracts @craiu.bsky.social @daveaitel.bsky.social
Reposted by Costin G. Raiu
Three Buddy Problem, Ottawa, Canada. @craiu.bsky.social @jags.bsky.social
November 8, 2025 at 10:29 PM
Three Buddy Problem, Ottawa, Canada. @craiu.bsky.social @jags.bsky.social
Reposted by Costin G. Raiu
This week's show features OpenAI's Dave Aitel and is up on YouTube @daveaitel.bsky.social @jags.bsky.social @craiu.bsky.social
youtu.be/EwMJsU8klZ0?...
youtu.be/EwMJsU8klZ0?...
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
YouTube video by Three Buddy Problem
youtu.be
October 31, 2025 at 9:00 PM
This week's show features OpenAI's Dave Aitel and is up on YouTube @daveaitel.bsky.social @jags.bsky.social @craiu.bsky.social
youtu.be/EwMJsU8klZ0?...
youtu.be/EwMJsU8klZ0?...
Reposted by Costin G. Raiu
New episode ALERT! @craiu.bsky.social @jags.bsky.social
News on Apple's iOS 26 quietly killing shutdown.log forensic artifact, a million-dollar WhatsApp zero-click that never materialized, Chinese threat intel reports pointing fingers at the NSA...
securityconversations.com/episode/appl...
News on Apple's iOS 26 quietly killing shutdown.log forensic artifact, a million-dollar WhatsApp zero-click that never materialized, Chinese threat intel reports pointing fingers at the NSA...
securityconversations.com/episode/appl...
Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA - Security Conversations
Three Buddy Problem – Episode 69: We dig into news that Apple's iOS 26 has quietly killed the shutdown.log forensic artifact used to spot signs […]
securityconversations.com
October 24, 2025 at 7:17 PM
New episode ALERT! @craiu.bsky.social @jags.bsky.social
News on Apple's iOS 26 quietly killing shutdown.log forensic artifact, a million-dollar WhatsApp zero-click that never materialized, Chinese threat intel reports pointing fingers at the NSA...
securityconversations.com/episode/appl...
News on Apple's iOS 26 quietly killing shutdown.log forensic artifact, a million-dollar WhatsApp zero-click that never materialized, Chinese threat intel reports pointing fingers at the NSA...
securityconversations.com/episode/appl...
Reposted by Costin G. Raiu
Costin with some advice for threat hunters @craiu.bsky.social @jags.bsky.social
youtube.com/shorts/z6fX1...
youtube.com/shorts/z6fX1...
Costin's advice for threat hunters: Look at Ukraine CERT reports
YouTube video by Three Buddy Problem
youtube.com
September 29, 2025 at 4:17 PM
Costin with some advice for threat hunters @craiu.bsky.social @jags.bsky.social
youtube.com/shorts/z6fX1...
youtube.com/shorts/z6fX1...
Reposted by Costin G. Raiu
An all-new Three Buddy Problem for your weekend earholes. Apple exploits chains, Oracle + ransomware, Ivanti 0days, VT pricing tiers @craiu.bsky.social @jags.bsky.social
youtu.be/qPj9_8azAvk?...
youtu.be/qPj9_8azAvk?...
Apple Exploit-Chain Bounties, Tactical Wi-Fi Exploit Suitcases
YouTube video by Three Buddy Problem
youtu.be
October 12, 2025 at 2:19 PM
An all-new Three Buddy Problem for your weekend earholes. Apple exploits chains, Oracle + ransomware, Ivanti 0days, VT pricing tiers @craiu.bsky.social @jags.bsky.social
youtu.be/qPj9_8azAvk?...
youtu.be/qPj9_8azAvk?...
Reposted by Costin G. Raiu
Reposted by Costin G. Raiu
"The best netflow comes from asking friends for favors." -- @jags.bsky.social @craiu.bsky.social
June 14, 2025 at 4:16 PM
"The best netflow comes from asking friends for favors." -- @jags.bsky.social @craiu.bsky.social
Reposted by Costin G. Raiu
[FR][EN]Our last report on Storm-1516, a russian information manipulation set (IMS) likely to affect the French and European debate.
So proud of my team!
Feel free to share and enjoy. #FIMI
So proud of my team!
Feel free to share and enjoy. #FIMI
VIGINUM publie un rapport sur les activités de Storm-1516, un mode opératoire informationnel russe susceptible d’affecter le débat public francophone et européen.
Ce rapport s'appuie sur l'analyse de 77 opérations informationnelles conduites par Storm-1516 ➡️ www.sgdsn.gouv.fr/publications...
Ce rapport s'appuie sur l'analyse de 77 opérations informationnelles conduites par Storm-1516 ➡️ www.sgdsn.gouv.fr/publications...
May 7, 2025 at 9:30 AM
[FR][EN]Our last report on Storm-1516, a russian information manipulation set (IMS) likely to affect the French and European debate.
So proud of my team!
Feel free to share and enjoy. #FIMI
So proud of my team!
Feel free to share and enjoy. #FIMI
Reposted by Costin G. Raiu
🔥 NEW pod alert! Signalgate and Signal's ID management nightmares, who's the mysterious APT caught in Russia, the return of Lab Dookhtegan and coordinated hack-for-leak ops @craiu.bsky.social @jags.bsky.social
Apple: bit.ly/3budprob
YouTube: bit.ly/TBP-YT
Spotify: bit.ly/3DH5wEO
Apple: bit.ly/3budprob
YouTube: bit.ly/TBP-YT
Spotify: bit.ly/3DH5wEO
Three Buddy Problem
Technology Podcast · Updated Weekly · The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware,...
bit.ly
March 28, 2025 at 7:49 PM
🔥 NEW pod alert! Signalgate and Signal's ID management nightmares, who's the mysterious APT caught in Russia, the return of Lab Dookhtegan and coordinated hack-for-leak ops @craiu.bsky.social @jags.bsky.social
Apple: bit.ly/3budprob
YouTube: bit.ly/TBP-YT
Spotify: bit.ly/3DH5wEO
Apple: bit.ly/3budprob
YouTube: bit.ly/TBP-YT
Spotify: bit.ly/3DH5wEO
Reposted by Costin G. Raiu
This week, four buddies, no problems! Katie Moussouris is joining the show 🌺
Set your alarms ⏰
Spotify: bit.ly/3DH5wEO
Apple: bit.ly/3budprob
YouTube: bit.ly/TBP-YT
@k8em0.bsky.social @craiu.bsky.social @jags.bsky.social
Set your alarms ⏰
Spotify: bit.ly/3DH5wEO
Apple: bit.ly/3budprob
YouTube: bit.ly/TBP-YT
@k8em0.bsky.social @craiu.bsky.social @jags.bsky.social
March 20, 2025 at 6:09 PM
This week, four buddies, no problems! Katie Moussouris is joining the show 🌺
Set your alarms ⏰
Spotify: bit.ly/3DH5wEO
Apple: bit.ly/3budprob
YouTube: bit.ly/TBP-YT
@k8em0.bsky.social @craiu.bsky.social @jags.bsky.social
Set your alarms ⏰
Spotify: bit.ly/3DH5wEO
Apple: bit.ly/3budprob
YouTube: bit.ly/TBP-YT
@k8em0.bsky.social @craiu.bsky.social @jags.bsky.social
Reposted by Costin G. Raiu
A brand-new pod for your weekend earholes. The show is available on all platforms @craiu.bsky.social @jags.bsky.social
securityconversations.com/episode/a-ha...
securityconversations.com/episode/a-ha...
A half-dozen Microsoft zero-days, Juniper router backdoors, advanced bootkit hunting - Security Conversations
Three Buddy Problem – Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS […]
securityconversations.com
March 14, 2025 at 8:10 PM
A brand-new pod for your weekend earholes. The show is available on all platforms @craiu.bsky.social @jags.bsky.social
securityconversations.com/episode/a-ha...
securityconversations.com/episode/a-ha...
Reposted by Costin G. Raiu
🇨🇳🇺🇸🕵️ On the pod, we unpacked a new report on what China knows about NSA intrusions @jags.bsky.social @craiu.bsky.social www.linkedin.com/posts/ryanar...
Ryan Naraine on LinkedIn: #threebuddyproblem
🇨🇳 🇺🇸 On the pod, we unpacked a new report on what China knows about NSA intrusions 🕵♀️ Costin Raiu #ThreeBuddyProblem
www.linkedin.com
February 26, 2025 at 3:21 PM
🇨🇳🇺🇸🕵️ On the pod, we unpacked a new report on what China knows about NSA intrusions @jags.bsky.social @craiu.bsky.social www.linkedin.com/posts/ryanar...
Reposted by Costin G. Raiu
Good news, there appear to be no need to cancel the results of the German elections!
February 23, 2025 at 6:13 PM
Good news, there appear to be no need to cancel the results of the German elections!
Reposted by Costin G. Raiu
Three Buddy Problem heads-up: The pod will be a day late this week because of travel schedules.
Catch up on Spotify open.spotify.com/show/6dXbRag...
Catch up on Spotify open.spotify.com/show/6dXbRag...
An 'extremely sophisticated' iPhone hack; Google flags major AMD microcode bug
open.spotify.com
February 21, 2025 at 6:23 PM
Three Buddy Problem heads-up: The pod will be a day late this week because of travel schedules.
Catch up on Spotify open.spotify.com/show/6dXbRag...
Catch up on Spotify open.spotify.com/show/6dXbRag...
Reposted by Costin G. Raiu
Tuned in to listen to a pretty nuanced take on Salt Typhoon, got jump scared by @jags.bsky.social mentioning my name lol
Three Buddy Problem Episode 28 - the first of 2025, is out! We discuss the US Treasury/BeyondTrust hack, APT group naming bad examples of bad examples, a new variant of the Xdr33 malware and exclusive new information on the Cyberhaven hack. securityconversations.com/episode/us-t...
US Treasury hacked via BeyondTrust, MISP and the threat actor naming mess - Security Conversations
Three Buddy Problem – Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by […]
securityconversations.com
January 8, 2025 at 12:52 AM
Tuned in to listen to a pretty nuanced take on Salt Typhoon, got jump scared by @jags.bsky.social mentioning my name lol
Three Buddy Problem Episode 28 - the first of 2025, is out! We discuss the US Treasury/BeyondTrust hack, APT group naming bad examples of bad examples, a new variant of the Xdr33 malware and exclusive new information on the Cyberhaven hack. securityconversations.com/episode/us-t...
US Treasury hacked via BeyondTrust, MISP and the threat actor naming mess - Security Conversations
Three Buddy Problem – Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by […]
securityconversations.com
January 4, 2025 at 8:51 PM
Three Buddy Problem Episode 28 - the first of 2025, is out! We discuss the US Treasury/BeyondTrust hack, APT group naming bad examples of bad examples, a new variant of the Xdr33 malware and exclusive new information on the Cyberhaven hack. securityconversations.com/episode/us-t...
Reposted by Costin G. Raiu
“Today, more seasoned hackers are recruiting kids from the gaming world, said Allison Nixon, chief research officer at online investigations firm Unit 221B. ‘There’s a talent pool in those videogames that can be drawn from and fraud groups have realized this.’”
www.wsj.com/tech/cyberse...
www.wsj.com/tech/cyberse...
Getting Cheated in a Videogame Led Him to a World of Online Crime
At 16, Ricky Handschumacher was a high-school baseball star. A decade later, he was facing federal prison for stealing cryptocurrency.
www.wsj.com
December 31, 2024 at 10:53 AM
“Today, more seasoned hackers are recruiting kids from the gaming world, said Allison Nixon, chief research officer at online investigations firm Unit 221B. ‘There’s a talent pool in those videogames that can be drawn from and fraud groups have realized this.’”
www.wsj.com/tech/cyberse...
www.wsj.com/tech/cyberse...
Reposted by Costin G. Raiu
Proud and honored to see @viginum.bsky.social ’s investigation on the Portal Kombat disinformation network mentioned in @craiu.bsky.social’s top of the top 2024 research list.
Thank you & Kudos to the DivOps team!
@colingerard.bsky.social
medium.com/@costin.raiu...
Thank you & Kudos to the DivOps team!
@colingerard.bsky.social
medium.com/@costin.raiu...
The Best Cybersecurity Stories of 2024
For me, 2024 has been an amazing year. I finally got my black belt in Taekwondo and together with my friends Juan and Ryan we started a new…
medium.com
December 29, 2024 at 2:57 PM
Proud and honored to see @viginum.bsky.social ’s investigation on the Portal Kombat disinformation network mentioned in @craiu.bsky.social’s top of the top 2024 research list.
Thank you & Kudos to the DivOps team!
@colingerard.bsky.social
medium.com/@costin.raiu...
Thank you & Kudos to the DivOps team!
@colingerard.bsky.social
medium.com/@costin.raiu...
Reposted by Costin G. Raiu
Security Conversations
Technology Podcast · 144 Episodes · Updated Weekly
podcasts.apple.com
December 27, 2024 at 7:05 PM
Reposted by Costin G. Raiu
🎁🧐 NEW! Episode 26 is gift-wrapped and delivered with spicy hot takes on CISA's VPN advice, banning TP-Link, bombing ransomware hackers and Cellebrite/Android 0days @craiu.bsky.social @jags.bsky.social
Enjoy wherever pods are found!
securityconversations.com/episode/us-g...
Enjoy wherever pods are found!
securityconversations.com/episode/us-g...
US government's VPN advice, dropping bombs on ransomware gangs - Security Conversations
Three Buddy Problem – Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, […]
securityconversations.com
December 23, 2024 at 7:54 PM
🎁🧐 NEW! Episode 26 is gift-wrapped and delivered with spicy hot takes on CISA's VPN advice, banning TP-Link, bombing ransomware hackers and Cellebrite/Android 0days @craiu.bsky.social @jags.bsky.social
Enjoy wherever pods are found!
securityconversations.com/episode/us-g...
Enjoy wherever pods are found!
securityconversations.com/episode/us-g...
Reposted by Costin G. Raiu
December 23, 2024 at 9:45 PM
Reposted by Costin G. Raiu
For Christmas, the Three Buddy Problem pod will be looking back at the best security research that was published in 2024. Special buddy cookies to those who were outstanding.
Extra points for obscure ones! @craiu.bsky.social @jags.bsky.social
Link: docs.google.com/forms/d/e/1F...
Extra points for obscure ones! @craiu.bsky.social @jags.bsky.social
Link: docs.google.com/forms/d/e/1F...
Three Buddy Problem's Best Security/CTI Research of 2024
docs.google.com
December 11, 2024 at 6:26 PM
For Christmas, the Three Buddy Problem pod will be looking back at the best security research that was published in 2024. Special buddy cookies to those who were outstanding.
Extra points for obscure ones! @craiu.bsky.social @jags.bsky.social
Link: docs.google.com/forms/d/e/1F...
Extra points for obscure ones! @craiu.bsky.social @jags.bsky.social
Link: docs.google.com/forms/d/e/1F...
What is the link between the canceling of the presidential elections in Ro, foreign influence, Russia and TikTok? Episode 24 of the Three Buddy Problem podcast deep dives into the topic with local insights: securityconversations.com/episode/insi...
Inside the Turla Playbook: Hijacking APTs and fourth-party espionage - Security Conversations
Three Buddy Problem – Episode 24: In this episode, we did into Lumen/Microsoft’s revelations on Russia's Turla APT stealing from a Pakistani APT, and issues […]
securityconversations.com
December 11, 2024 at 6:43 PM
What is the link between the canceling of the presidential elections in Ro, foreign influence, Russia and TikTok? Episode 24 of the Three Buddy Problem podcast deep dives into the topic with local insights: securityconversations.com/episode/insi...
Help us choose the best security research of 2024:
For Christmas, the Three Buddy Problem pod will be looking back at the best security research that was published in 2024. Special buddy cookies to those who were outstanding.
Extra points for obscure ones! @craiu.bsky.social @jags.bsky.social
Link: docs.google.com/forms/d/e/1F...
Extra points for obscure ones! @craiu.bsky.social @jags.bsky.social
Link: docs.google.com/forms/d/e/1F...
Three Buddy Problem's Best Security/CTI Research of 2024
docs.google.com
December 11, 2024 at 6:39 PM
Help us choose the best security research of 2024: