
Behind the Binary by Google Cloud Security

Josh Stroschein

23 episodes

  • Behind the Binary by Google Cloud Security

    EP23 Immutable C2: How EtherHiding and Frontend Attacks are Weaponizing the Blockchain

    04/03/2026 | 41 min
    In this episode, we are joined by Robert Wallace, Joseph Dobson, and Blas Kajusner to dissect the new "Hybrid Heist." The panel argues that the era of isolated crypto-theft is over; sophisticated actors are now targeting the Web2 layer—the frontends, the developer workstations, and the cloud infrastructure—to bypass the immutability of the chain itself.
    We also break down "EtherHiding," a technique where attackers store malware payloads directly on the blockchain to create an unstoppable Command & Control (C2) infrastructure that cannot be taken down by traditional authorities.
    THE SESSION:
    Immutable C2 (EtherHiding): How threat actors are updating smart contract state variables to serve second-stage malware payloads, effectively turning the blockchain into a "dead drop resolver" that ignores domain blocks and takedown requests.
    The Hybrid Attack Surface: Why the massive Bybit heist wasn't a failure of cryptography, but a Web2 frontend attack on the "Safe Wallet" interface that tricked users into signing transactions they couldn't see.
    The "OpSec" Crisis: Why smart contract developers are the new "Domain Admins," and how simple phishing campaigns against personal devices are leading to nine-figure losses.
    The "Choke Point" Vulnerability: Why the decentralized ecosystem is still entirely dependent on centralized on-ramps and off-ramps, and how this dependency creates a "kill chain" that defenders can disrupt.
    Governance Attacks: The shift from exploiting code to exploiting consensus—how attackers are buying enough tokens to legally vote themselves the contents of a project's treasury.
    Join the Community
    Research Hub: Threat research, training events and news:
    https://cloud.google.com/security/flare
    The FLARE Insider: Get community updates and announcements. To subscribe, email [email protected]
    FOLLOW THE SHOW:
    Subscribe: Apple Podcasts | Spotify | YouTube
  • Behind the Binary by Google Cloud Security

    EP22 Jailbreaking, Prompt Injection, and the "Agentic" Flaw in MCP with Kevin Harris

    04/02/2026 | 57 min
    "Skilled adversaries have a 100% success rate against all of the defenses that we know about."
    In this episode, Kevin Harris defends that claim. We move past the standard "AI Safety" talking points to distinguish between the two attack vectors confusing the industry: Prompt Injection (an application-layer failure) vs. Jailbreaking ("gaslighting" the model via context shifting).
    Kevin argues that we haven't actually invented AI yet—we've just built a mirror that reflects our own intelligence (and psychosis) back at us. We also dissect the new Model Context Protocol (MCP) and why giving "discretion" to agents that cannot think is potentially repeating the security mistakes of Web 2.0.
    THE SESSION:
    The "Pirate" Jailbreak: Why telling a model to be a pirate isn't just a party trick—it's a method of shifting the context window to bypass refusal patterns.
    The 100% Failure Rate: Why current defenses are only speed bumps for skilled adversaries, and why you are attacking the application, not the model.
    "There Is No AI": Kevin’s theory on why LLMs are just "predictive text made 3 orders of magnitude better" and the danger of "AI-induced psychosis".
    The Agentic Threat (MCP): A deep dive into the Model Context Protocol. Why client-side authorization is the new "Browser Security" battleground, and why we are handing "table saws" to users who don't know how to use them.
    The Fix: Why "Attention Functions" are the key to understanding (and securing) the future of these models.
  • Behind the Binary by Google Cloud Security

    EP21 From HITB Origins to Agentic AI: Web3, Music & The Future of Hacking with Dhillon Kannabhiran

    14/01/2026 | 1 h 2 min
    In this episode, Dhillon Kannabhiran shares the gritty origin story of Hack in the Box (HITB), detailing how he dug a $20k financial hole to launch the first event in Malaysia before building it into a global brand.
    The conversation moves beyond conferences to explore the cutting edge of technology and creativity. Dhillon explains why "agentic" systems (like Xbow) signal the end of hand-built exploits and discusses the unique challenges of securing Web3 smart contracts. We also dive into the intersection of math and music, how AI tools like Suno are changing art, and why the "hacker ethos" applies to everything from bug bounties to content creation.
    Get the latest from FLARE's community efforts: Email [email protected] to join our mailing list for important announcements. Your information will not be shared and is used only for this purpose.
  • Behind the Binary by Google Cloud Security

    EP20 Windows Under the Hood: Kernel Design, EDRs, and the Shift to VBS with Pavel Yosifovich

    10/12/2025 | 1 h 10 min
    In this episode, we get a unique look at the history of Windows through the eyes of one of its leading experts, Pavel Yosifovich. We delve into his fascinating origin story, including the "fluke" that led him to become the author of the legendary Windows Internals series, and why he describes himself as a developer who "hates security."
    The conversation explores the most significant foundational changes in Windows kernel design, specifically the architectural shift toward Virtualization-Based Security (VBS) and the long-term strategy behind the "Secure Kernel." We discuss the ever-evolving landscape of EDRs, the reality of kernel-level threats, and the impact AI and memory-safe languages like Rust will have on future development. This episode offers valuable insights for reverse engineers and developers interested in the big-picture trends that have shaped—and will continue to shape—the world of operating system design.
  • Behind the Binary by Google Cloud Security

    EP19 The Art of Deconstructing Problems: Tools, Tactics, and the ScatterBrain Obfuscator with Nino Isakovic

    19/11/2025 | 1 h 53 min
    In this episode, we’re joined by Nino Isakovic, a long-time low-level security expert, for a thought-provoking conversation that spans the foundational and the cutting-edge. Nino discusses the art of deconstructing problems—sharing insights on how to learn effectively, the building blocks of a robust RE toolkit, and the critical shift required in our analytical approach. We then transition into the front lines of threat intelligence, where Nino discusses the specific challenges of analyzing sophisticated adversary tools. This includes systems like ORB Networks and a detailed look at his discovery of the ScatterBrain obfuscating compiler. Tune in for a full-spectrum discussion on what it takes to thrive in reverse engineering.
    ScatterBrain blog post: https://cloud.google.com/blog/topics/threat-intelligence/scatterbrain-unmasking-poisonplug-obfuscator?e=48754805

About Behind the Binary by Google Cloud Security

Welcome to Behind the Binary, the podcast that introduces you to the fascinating people, technology, and tools driving the world of reverse engineering. Join your host, Josh Stroschein, a reverse engineer with the FLARE team at Google, and someone passionate about sharing knowledge and shedding light on the art of reverse engineering, as he sits down with intriguing guests to explore the human side of this profession.

Behind the Binary goes beyond the code, sharing the stories, motivations, and unique perspectives of the individuals who dedicate their lives to unraveling the complexities of technology. We'll hear about their journeys into the field, the challenges they face, and the impact their work has on securing our digital world.

Whether you're a seasoned malware analyst, a software developer, a security researcher, or just someone curious about the world of reverse engineering, Behind the Binary offers insightful and engaging conversations for everyone interested in this fascinating field.