Insights from recent episode analysis
Audience Interest
Podcast Focus
Publishing Consistency
Platform Reach
Insights are generated by CastFox AI using publicly available data, episode content, and proprietary models.
Most discussed topics
Brands & references
Est. Listeners
Insufficient chart data. Estimates will improve as the show charts.
- Per-Episode Audience
Est. listeners per new episode within ~30 days
N/A🎙 ~2x weekly·71 episodes·Last published 1w ago - Monthly Reach
Unique listeners across all episodes (30 days)
N/A - Active Followers
Loyal subscribers who consistently listen
N/A
Market Insights
Platform Distribution
Reach across major podcast platforms, updated hourly
Total Followers
—
Total Plays
—
Total Reviews
—
* Data sourced directly from platform APIs and aggregated hourly across all major podcast directories.
On the show
From 12 epsHosts
Recent guests
Recent episodes
Binwalk, Brickstorm, AI Model Madness - BTS #76
Jun 16, 2026
Unknown duration
Secure Boot Certificates Expiring: What You Need to Know - BTS #75
Jun 3, 2026
Unknown duration
YellowKey, CVE Enrichment, Chipmaker Breach - BTS #74
May 19, 2026
Unknown duration
Uncovering Firmware Risks: From Y2K to Modern Malware - BTS #73
May 7, 2026
55m 01s
AI-Powered Firmware Hacking: The Future of Vulnerability Discovery - BTS #72
Apr 17, 2026
58m 59s
Social Links & Contact
Official channels & resources
Official Website
Login
RSS Feed
Login
| Date | Episode | Topics | Guests | Brands | Places | Keywords | Sponsor | Length | |
|---|---|---|---|---|---|---|---|---|---|
| 6/16/26 |  Binwalk, Brickstorm, AI Model Madness - BTS #76 | summary In this episode of Below the Surface, Paul Asadoorian, Chase Snyder, and Vlad Babkin discuss the implications of AI in cybersecurity, the challenges posed by AI guardrails, and the operational risks associated with applying patches. They also explore vulnerabilities in security tools like Binwalk, the complexities of firmware update tools, and the importance of transparency in software signing, particularly in the context of open source software. In this conversation, the speakers delve into the complexities of cybersecurity, focusing on the limitations of security through obscurity, the challenges posed by UEFI shells and secure boot, and the operational risks associated with DBX updates. They discuss the difficulties in vulnerability management and the role of AI in cybersecurity, highlighting how it may benefit attackers more than defenders. The conversation also touches on emerging threats like Brickstorm malware and the need to rethink edge device security in light of these challenges. Finally, they emphasize the necessity for all companies to adopt robust cybersecurity measures. Chapters 00:00 Introduction to Below the Surface Podcast 01:16 The Rise of AI and Its Implications 06:42 Challenges with AI Guardrails and Restrictions 10:53 Operational Risks in Cybersecurity 17:01 Vulnerabilities in Security Tools 20:11 Exploring Firmware Update Tools 29:07 The Importance of Open Source in Security 34:07 The Need for Transparency in Software Signing 35:12 The Fallacy of Security Through Obscurity 36:36 The Challenges of UEFI Shells and Secure Boot 39:58 The Complexity of DBX Updates and Operational Risks 43:20 The Difficulty of Vulnerability Management 48:11 AI's Role in Cybersecurity: A Double-Edged Sword 52:59 Emerging Threats: The Rise of Brickstorm Malware 55:54 Rethinking Edge Device Security 01:00:08 The Future of Cybersecurity Infrastructure | — | ||||||
| 6/3/26 |  Secure Boot Certificates Expiring: What You Need to Know - BTS #75 | In this episode of Below the Surface, the team discusses recent cybersecurity trends, including the Verizon DBIR 2026 report, secure boot certificate expirations, and the evolving threat landscape with AI and hardware vulnerabilities. They explore how organizations can adapt their defense strategies to stay ahead of attackers and share insights on supply chain security and malware analysis. https://eclypsium.com/blog/microsoft-secure-boot-certificates-expire-2026/ https://eclypsium.com/blog/verizon-dbir-2026/ https://github.com/iss4cf0ng/OpenPetya https://gbhackers.com/exploit-f5-big-ip-ssh-access/ https://www.microsoft.com/en-us/security/blog/2026/05/22/from-edge-appliance-to-enterprise-compromise-multi-stage-linux-intrusion-via-f5-and-confluence/ https://cybersecuritynews.com/china-linked-hackers-target-southeast-asian-edge-routers/ https://qiita.com/Y4er/items/0b6071745e4b7b240b3e https://www.greynoise.io/blog/sonicwall-scanning-spike-echoes-pattern-preceded-cve-2026-0400 YellowKey update: https://www.reddit.com/r/sysadmin/comments/1tkq3x9/yellowkey_bitlocker_exploit_repo_taken_down/ Chapters 00:00 Introduction and Technical Issues 02:56 Verizon DBIR Insights 05:50 Trends in Vulnerability Management 09:04 The Role of AI in Cybersecurity 12:11 Challenges in Vulnerability Management 14:46 Secure Boot Certificates and Their Implications 29:52 Managing Updates and Security Risks 32:57 The Open Petya Project: A Historical Perspective 36:11 Understanding the Yellow Key Attack 39:34 The Dilemma of Independent Researchers 41:34 The Future of Bug Bounty Programs 43:59 The Evolving Landscape of Vulnerabilities 49:51 Visibility Challenges in Network Security 56:16 The Need for Better Information Sharing | — | ||||||
| 5/19/26 |  YellowKey, CVE Enrichment, Chipmaker Breach - BTS #74 | In this episode, we explore recent vulnerabilities, the YellowKey BitLocker bypass, supply chain security, CVE data analysis, and the implications of hardware breaches like the one at Foxconn. We also delve into AI's role in vulnerability research and the evolving landscape of cybersecurity threats. Topics https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth https://github.com/Nightmare-Eclipse/YellowKey https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack https://x.com/AlvieriD/status/2053835732658143416 Chapters 00:00 Introduction to Vulnerability Research and AI 03:42 NIST and CVE Growth Challenges 06:46 Building Tools for CVE Analysis 10:58 The Complexity of CVSS Scoring 15:08 CISA's Role in Vulnerability Enrichment 18:06 Challenges in CWE and CPE Data 19:55 The Future of Vulnerability Research 27:18 BitLocker Bypass: A Case Study 33:05 Exploring the Complexity of Windows Features 34:49 Speculation on Microsoft and Conspiracy Theories 35:57 The Impact of BIOS Passwords on Security 39:12 The Foxconn Breach: A Major Data Compromise 47:34 Supply Chain Attacks on Package Managers 51:13 Deceptive Techniques in Cybersecurity | — | ||||||
| 5/7/26 |  Uncovering Firmware Risks: From Y2K to Modern Malware - BTS #73✨ | firmware securitysupply chain vulnerabilities+3 | Brian Richardson | Cisco ASAFTD+3 | — | firmware risksmalware+3 | — | 55m 01s | |
| 4/17/26 |  AI-Powered Firmware Hacking: The Future of Vulnerability Discovery - BTS #72✨ | cybersecurityAI-driven vulnerability discovery+4 | — | Samsung TVEclypsium+1 | — | AIvulnerability discovery+4 | — | 58m 59s | |
| 4/7/26 |  What Makes a Device a Router? - BTS #71✨ | FCC regulationscybersecurity+4 | — | routersfirmware+5 | — | FCC regulationscybersecurity+5 | — | 1h 01m 42s | |
| 3/25/26 |  How Cheap KVMs Could Be Your Network's Weak Link - BTS #70✨ | KVM vulnerabilitiessecurity best practices+4 | PaulRey | KVMsGLINet+3 | — | KVM securityfirmware analysis+5 | — | 1h 02m 56s | |
| 3/5/26 |  Navigating Network Edge Vulnerabilities - BTS #69✨ | network edge vulnerabilitiescybersecurity strategies+5 | Vlad BabkinAdrian Sanabria | AvantiEclypsium | — | network edge devicescybersecurity+8 | — | 1h 04m 13s | |
| 2/11/26 |  Attacking Power Grids - BTS #68✨ | cybersecurity threatscritical infrastructure+5 | — | PythonRussian+1 | Poland | cybersecurityRussian cyber attacks+5 | — | 1h 02m 01s | |
| 1/27/26 |  BIOS Password Cracking, Secure Boot, and Stackwarp - BTS #67✨ | cybersecurityBIOS password cracking+5 | — | BIOSAMD+4 | — | cybersecurityBIOS password cracking+6 | — | 1h 00m 29s | |
Want analysis for the episodes below?Free for Pro Submit a request, we'll have your selected episodes analyzed within an hour. Free, at no cost to you, for Pro users. | |||||||||
| 1/15/26 |  Beyond the Label: The Truth About Hardware Trust - BTS #66✨ | hardware supply chain securitytrust in silicon+5 | Larry PesciJoshua Marpet+1 | Black Hat Asia | — | hardware trustsupply chain security+5 | — | 56m 46s | |
| 12/15/25 |  Exploring AI in Firmware Analysis - BTS #65✨ | AI in firmware analysisvulnerability discovery+4 | Matt Brown | Eclypsium | — | firmware analysisAI-driven approaches+6 | — | 1h 00m 35s | |
| 11/24/25 |  Patching, Evil AI, Supply Chain Breaches - BTS #64✨ | cybersecuritysupply chain breaches+3 | — | FortinetOWASP | — | Fortinetsupply chain+4 | — | 1h 08m 03s | |
| 10/30/25 |  F5 Breach, Linux Malware, and Hacking Banks - BTS #63✨ | cybersecurityF5 breach+5 | — | F5QNAP+6 | — | cyber attacksPolar Edge malware+8 | — | 1h 00m 06s | |
| 10/21/25 |  Unpacking the F5 Breach, Framework UEFI Shells - BTS #62✨ | F5 breachvulnerability disclosure+4 | — | F5Linux+1 | — | F5 breachvulnerability disclosure+5 | — | 53m 20s | |
| 10/8/25 |  Red November, Cisco Vulnerabilities, and Supply Chain Security - BTS #61 | In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the Red November campaign targeting network edge devices, the implications of the Cisco SNMP vulnerability, and the recent vulnerabilities associated with Cisco ASA devices. They also delve into the hybrid Petya ransomware and its connection to supply chain security, emphasizing the need for better visibility and security measures in network devices. Chapters: 00:00 Introduction and Overview of Cybersecurity Trends 02:09 Red November Campaign: Targeting Network Edge Devices 11:06 The Shift in Attack Vectors: From Windows to Network Edge 14:59 Cisco SNMP Vulnerability: A Legacy Issue 21:21 The Implications of Targeting Network Edge Devices 28:20 Addressing Legacy Issues in Cybersecurity 29:41 Emerging Threats in Cybersecurity 32:19 The Age of Vulnerabilities 33:40 The Importance of Asset Inventory 35:38 Challenges in Device Security 37:22 Visibility and Detection Limitations 39:28 Vendor Responses to Vulnerabilities 41:24 Supply Chain Security Crisis 46:59 Understanding Hybrid Petya 52:11 The Evolution of Attack Techniques | — | ||||||
| 9/22/25 |  HybridPetya and UEFI Threats - BTS #60 | In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the evolution of malware with a focus on Hybrid Petya, the implications of UEFI vulnerabilities, and the security risks associated with Windows 10's end of life. They also explore the vulnerabilities of Cisco ASA devices, the rise of supply chain attacks exemplified by NPM worms, and the persistent threat of Row Hammer attacks on DDR5 technology. The conversation highlights the significance of visibility in cybersecurity and the necessity for enhanced security practices to counter evolving threats. Chapters 00:00 Introduction and Podcast Overview 02:55 Hybrid Petya: The New Threat Landscape 06:03 Understanding UEFI and Secure Boot Vulnerabilities 09:00 The Evolution of Ransomware Techniques 11:54 Windows 10 End of Life Concerns 14:56 The Future of Secure Boot and User Responsibility 22:50 The Shift in Consumer Trust Towards Microsoft 25:11 The Rise of Alternatives: Linux and SteamOS 28:41 Security Concerns with Windows 10 and 11 31:57 Exploiting End-of-Life Devices 36:39 The Challenge of Legacy Infrastructure 39:41 VPN Security: Risks and Solutions 45:40 The Dilemma of Compliance and Visibility 50:16 Supply Chain Vulnerabilities and NPM Attacks 55:54 The Rowhammer Attack and Hardware Security 01:03:40 The Need for Visibility and Signatures in Security | — | ||||||
| 9/10/25 |  Exploit Marketplaces - BTS #59 | In this episode of Below the Surface, host Paul Asadoorian speaks with Evan Dornbush, CEO of Desired Effect, about the evolving landscape of exploit marketplaces and vulnerability research. They discuss the challenges researchers face in monetizing their findings, the ethical implications of selling exploits, and the importance of timely intelligence for defenders. The conversation also touches on the role of AI in vulnerability research, the dynamics between buyers and sellers in the marketplace, and the impact of end-of-life devices on cybersecurity. Overall, the episode provides valuable insights into the complexities of the exploit marketplace and the need for a more proactive approach to cybersecurity. Chapters 00:00 Introduction to Desired Effect and Evan Dornbush 02:35 The Evolution of Exploit Marketplaces 05:06 Monetizing Vulnerability Research 07:46 The Role of Disclosure in Exploit Sales 10:28 Understanding the Value of Exploits 13:14 Ethics and Motivations in Vulnerability Research 15:51 Validation of Vulnerabilities and Exploits 18:29 Buyer Vetting and Market Dynamics 21:31 Proactive Defense Strategies 24:32 Market Insights and Future Trends 27:43 The Marketplace for Exploits 31:08 The Role of Researchers and Vendors 34:51 The Asymmetry in Cybersecurity 38:03 Economic Incentives in Cybersecurity 40:25 The Complexity of Risk Management 43:57 The Future of Exploit Disclosure 47:23 The Role of AI in Cybersecurity 53:31 Closing Thoughts on Exploit Ethics | — | ||||||
| 9/4/25 |  UEFI Vulnerabilities and Hardware Risks - BTS #58 | In this episode, the hosts discuss various cybersecurity topics, focusing on hardware vulnerabilities, UEFI attack vectors, and the implications of new regulations on device security. They explore the evolution of Mirai variants targeting IoT devices and the challenges of securing firmware. The conversation highlights the need for improved security measures and the complexities of managing vulnerabilities in a rapidly changing technological landscape. 00:00 Introduction and Technical Challenges 02:37 Exploring UEFI Settings and Hardware Vulnerabilities 10:14 The Risks of UEFI Control and Physical Damage 16:33 Static Tundra: Cyber Espionage and Exploits 22:23 Targeting Vulnerable Infrastructure in Cyber Attacks 26:27 Emerging Threats in IoT and Network Devices 31:55 The Evolution of Malware: A Deep Dive 34:30 The Challenge of Securing IoT Devices 35:13 Impact of EU Cyber Resilience Act 38:14 Vulnerability Management and Vendor Responsibilities 41:54 Living Outside the Operating System: New Attack Vectors | — | ||||||
| 8/15/25 |  Interview with Brian Mullen from AMI - BTS #57 | In this episode of Below the Surface, host Paul Asadoorian is joined by Brian Mullen, head of SSDLC at AMI, to discuss the complexities of supply chain and firmware security. They explore the challenges of maintaining security in a complicated supply chain, the importance of proactive and reactive security measures, and the implications of end-of-life software. The conversation also touches on the gaming industry's push for secure boot, recent vulnerabilities discovered in firmware, and the role of BMCs in security. Brian shares insights into AMI's approach to vulnerability management and the future of firmware security, including the significance of Software Bill of Materials (SBOMs). Whitepaper: https://eclypsium.com/wp-content/uploads/OpenBMC-Security-in-Practice.pdf Chapters 00:00 Introduction and Technical Setup 01:46 The Challenges of Podcasting and Marketing 03:42 Understanding AMI and Its Role in Firmware Security 06:13 Supply Chain Complexity and Security Measures 08:49 Proactive vs Reactive Security in Firmware 11:17 The Importance of Stable Firmware in Security 13:54 Navigating Vulnerabilities in UEFI and OpenSSL 16:24 The Impact of Cherry-Picking Security Updates 19:11 Tracking Vulnerabilities Across the Supply Chain 21:50 Solutions for Data Center Firmware Management 24:21 Future Directions in Vulnerability Management 24:38 Navigating Vulnerability Management 28:30 End of Life and Support Challenges 31:55 Gaming Security and Anti-Cheat Mechanisms 35:38 The Complexity of Secure Boot Implementation 36:50 Recent Vulnerabilities and Security Research 39:44 Understanding BMC Security 43:34 Open Source and BMC Development 46:30 The Role of SBOMs in Security Compliance | — | ||||||
| 8/8/25 |  BTS #56 - Vulnerabilities & Backdoors In IT Infrastructure | In this episode, the hosts discuss various cybersecurity topics, focusing on Nvidia vulnerabilities, the implications of backdoors in technology, and the importance of secure boot and certificate management. They also delve into SonicWall's security challenges and the ongoing debate of building versus buying security solutions, particularly in the context of AI infrastructure and cloud services. Articles and topics for this week: https://blog.trailofbits.com/2025/08/04/uncovering-memory-corruption-in-nvidia-triton-as-a-new-hire/ https://mjg59.dreamwidth.org/72892.html - Secure Boot and certificates https://www.tomshardware.com/pc-components/gpus/nvidia-defiant-over-backdoors-and-kill-switches-in-gpus-as-u-s-mulls-tracking-requirements-calls-them-permanent-flaws-that-are-a-gift-to-hackers - https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-disable-sslvpn-amid-rising-attacks/ - https://www.darkreading.com/endpoint-security/shade-bios-technique-beats-security - Researcher's previous paper on SMM and malware: https://arxiv.org/abs/2405.04355 He presented at Blackhat last year on Option ROMS: https://www.blackhat.com/us-24/briefings/schedule/index.html#youve-already-been-hacked-what-if-there-is-a-backdoor-in-your-uefi-orom-39579 - YouTube video: https://www.youtube.com/watch?v=_S6EymfaBqQ | — | ||||||
| 7/24/25 |  Netgear, Gigabyte, and Rowhammer Vulnerabilities - BTS #55 | In this episode of Below the Surface, the hosts discuss critical cybersecurity topics including vulnerabilities in Netgear and Gigabyte devices, the importance of asset inventory, and the implications of Row Hammer attacks on memory integrity. They emphasize the need for organizations to implement compensating controls and monitor for potential threats, especially in the context of supply chain security and IoT devices. Chapters 00:00 Introduction to Cybersecurity Challenges 02:20 Exploring Netgear's Role in Enterprise Security 09:08 The Impact of Shadow IT on Network Security 15:04 Firmware Integrity and Security Measures 18:05 Gigabyte's UEFI Vulnerabilities and Industry Implications 22:25 Understanding UEFI Vulnerabilities 28:46 Consumer vs. Enterprise Hardware Security 35:06 Monitoring and Mitigating Firmware Risks 41:11 The Impact of ECC on AI Performance | — | ||||||
| 7/8/25 |  CVE-2024-54085: The First of Its Kind - BTS #54 | In this episode, the hosts delve into the critical vulnerabilities associated with Baseboard Management Controllers (BMCs), with a particular focus on CVE-2024-54085. They discuss the ease of exploitation, the potential threat actors involved, and the implications for data center security. The conversation highlights the challenges in detecting and mitigating these vulnerabilities, the importance of firmware updates, and the need for community tools to aid in vulnerability detection and mitigation. The episode concludes with a call to action for organizations to patch their systems and implement robust security measures. Chapters 00:00 Introduction to BMC Vulnerabilities 02:21 Exploring CVE 2024-54085 05:04 Understanding Exploitation and Threat Actors 07:47 The Implications of BMC Vulnerabilities 10:46 Mitigation Strategies and Challenges 13:35 The Future of BMC Security 28:36 Understanding BMC Vulnerabilities 36:24 The Importance of Disclosure and Community Tools 45:13 Navigating Firmware Updates and Vendor Challenges 52:19 Community Engagement and Future Considerations | — | ||||||
| 7/7/25 |  Exploring the Evolution of Zero Trust - BTS #53 | In this episode, the hosts discuss the evolving landscape of AI infrastructure security, focusing on the complexities of building and maintaining AI data centers. They explore the critical role of Baseboard Management Controllers (BMCs) as an attack surface, the importance of supply chain security, and best practices for hardware procurement. The conversation underscores the importance of validating hardware and firmware integrity for organizations while also addressing the significant security risks associated with AI workloads. As AI data centers continue to grow, understanding these challenges and implementing robust security measures will be essential for future success. Chapters 00:00 Introduction to Zero Trust and Its Evolution 03:33 Current State of Zero Trust Implementation 05:22 Micro-Segmentation and Infrastructure Security 10:02 Zero Trust and Lateral Movement Prevention 11:32 The Role of Zero Trust in Ransomware Defense 14:51 Chase Cunningham's Insights on Cyber Warfare 16:23 The Intersection of Cyber Warfare and Modern Conflicts 21:35 The Future of Warfare: Drones and Cybersecurity 24:01 Understanding the Drone Threat 28:28 The Evolution of Cyber Warfare 35:00 The State of Critical Infrastructure 39:26 The Economics of Breaches 44:29 Incentivizing Cybersecurity Improvements | — | ||||||
| 7/1/25 |  Securing the Future of AI Infrastructure - BTS #52 | In this episode, the hosts discuss the evolving landscape of AI infrastructure security, focusing on the complexities of building and maintaining AI data centers. They explore the critical role of Baseboard Management Controllers (BMCs) as an attack surface, the importance of supply chain security, and best practices for hardware procurement. The conversation underscores the importance of validating hardware and firmware integrity for organizations while also addressing the significant security risks associated with AI workloads. As AI data centers continue to grow, understanding these challenges and implementing robust security measures will be essential for future success. | — | ||||||
Showing 25 of 76
Pitch Fit is a Pro feature
See how bookable this show is for guests, which brands already advertise, the per-episode ad value, and the best-fit guest and sponsor profile. The numbers are blurred on the free plan.
How readily this show books outside guests like you.
How proven this show is for host-read sponsorships.
For Guests
ProFor Advertisers
ProUpgrade to Pro to unlock guest cadence, sponsor categories, fit scores, and per-episode ad value for this show.