Home Podcasts Below the Surface (Audio) - The Supply Chain Security Podcast
Below the Surface (Audio) - The Supply Chain Security Podcast

Below the Surface (Audio) - The Supply Chain Security Podcast

Eclypsium 76 Episodes Jun 30, 2026

A lively discussion of the threats affecting supply chain, specifically focused on firmware and low-level code that is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential solutions.

Episodes

FortiBleed Uncovered: How Attackers Harvest Credentials from Fortinet Devices - BTS #77 Jun 30, 2026 54:49 In this episode, we delve into the recent FortiBleed campaign, exploring how attackers harvest credentials from Fortinet devices, the vulnerabilities in password management, and best practices for defenders to mitigate such threats. Key  topics FortiBleed campaign details and impact Password hash vulnerabilities in FortiOS AI's role in analyzing large security breaches Credential harvesting techn
Binwalk, Brickstorm, AI Model Madness - BTS #76 Jun 16, 2026 01:00:41  summary In this episode of Below the Surface, Paul Asadoorian, Chase Snyder, and Vlad Babkin discuss the implications of AI in cybersecurity, the challenges posed by AI guardrails, and the operational risks associated with applying patches. They also explore vulnerabilities in security tools like Binwalk, the complexities of firmware update tools, and the importance of transparency in software si
Secure Boot Certificates Expiring: What You Need to Know - BTS #75 Jun 3, 2026 55:48 In this episode of Below the Surface, the team discusses recent cybersecurity trends, including the Verizon DBIR 2026 report, secure boot certificate expirations, and the evolving threat landscape with AI and hardware vulnerabilities. They explore how organizations can adapt their defense strategies to stay ahead of attackers and share insights on supply chain security and malware analysis. http
YellowKey, CVE Enrichment, Chipmaker Breach - BTS #74 May 19, 2026 54:52 In this episode, we explore recent vulnerabilities, the YellowKey BitLocker bypass, supply chain security, CVE data analysis, and the implications of hardware breaches like the one at Foxconn. We also delve into AI's role in vulnerability research and the evolving landscape of cybersecurity threats. Topics https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-
Uncovering Firmware Risks: From Y2K to Modern Malware - BTS #73 May 7, 2026 55:01 In this episode of Below the Surface, hosts Paul Asadoorian, Chase Snyder, and guest Brian Richardson explore the evolution of firmware security, the risks of supply chain vulnerabilities, and the latest threats targeting network edge devices like Cisco ASA and FTD. They discuss historical malware like the Chernobyl virus, modern malware campaigns such as Firestarter, and the challenges of securin
AI-Powered Firmware Hacking: The Future of Vulnerability Discovery - BTS #72 Apr 17, 2026 58:59 In this episode, the hosts explore the latest in cybersecurity, including AI-driven vulnerability discovery, firmware analysis tools, secure boot complexities, and recent CVE trends. They discuss practical techniques for hacking devices, the challenges of firmware emulation, and the implications of new security policies on consumer and enterprise hardware. Chapters 00:00 Introduction to Hacking an
What Makes a Device a Router? - BTS #71 Apr 7, 2026 01:01:42  summary In this episode, the hosts discuss the new FCC regulations regarding consumer routers, exploring the implications for cybersecurity, the definitions of what constitutes a router, and the challenges of manufacturing compliant devices. They delve into the debate surrounding the effectiveness of these regulations in mitigating cyber risks, the role of hardware versus software vulnerabilities
How Cheap KVMs Could Be Your Network's Weak Link - BTS #70 Mar 25, 2026 01:02:56 In this episode, we explore the security vulnerabilities of low-cost IP-based KVMs, including firmware flaws, default credentials, and insecure update mechanisms. Two Eclypsium researchers, Paul and Rey, discovered the vulnerabilities and shared the details and behind-the-scenes details! We also discuss real-world testing, vendor responses, and best practices for securing remote management devices
Navigating Network Edge Vulnerabilities - BTS #69 Mar 5, 2026 01:04:13 In this episode of Below the Surface, Paul Asadoorian, Vlad Babkin, and Adrian Sanabria discuss the ongoing vulnerabilities in network edge devices, the implications of legacy systems like Avanti, and the strategies employed by threat actors. They explore the importance of monitoring and detection in cybersecurity, as well as innovative deception techniques to enhance security measures against exp
Attacking Power Grids - BTS #68 Feb 11, 2026 01:02:01 In this episode, the hosts discuss various cybersecurity threats, including Russian cyber attacks on critical infrastructure, the vulnerabilities in firewalls and VPNs, and the implications of AI in cybersecurity. They explore the increasing trend of using Python for malicious purposes and the challenges posed by gaming anti-cheat drivers. The conversation also touches on the escalation of cyber w
BIOS Password Cracking, Secure Boot, and Stackwarp - BTS #67 Jan 27, 2026 01:00:29 In this episode, the hosts discuss various cybersecurity topics, including the challenges of BIOS password cracking, the implications of AMD's Stack Warp vulnerability, and the importance of up-to-date secure boot certificates. They also explore the risks associated with network security appliances, the costs of cybersecurity, and the role of marketing in raising awareness. Additionally, they shar
Beyond the Label: The Truth About Hardware Trust - BTS #66 Jan 15, 2026 56:46 In this episode of Below the Surface, host Paul Asadoorian is joined by co-hosts Larry Pesci, Joshua Marpet, and Vlad Babkin to delve into the complexities of hardware supply chain security. The discussion is sparked by a presentation from Andrew 'Bunny' Wong at Black Hat Asia, which raised critical questions about how we can trust the silicon in our devices. The conversation explores the challeng

Recommended