Behind the Binary by Google Cloud Security
Welcome to Behind the Binary, the podcast that introduces you to the fascinating people, technology, and tools driving the world of reverse engineering. Join your host, Josh Stroschein, a reverse engineer with the FLARE team at Google, and someone passionate about sharing knowledge and shedding light on the art of reverse engineering, as he sits down with intriguing guests to explore the human side of this profession.
Behind the Binary goes beyond the code, sharing the stories, motivations, and unique perspectives of the individuals who dedicate their lives to unraveling the complexities of technology. We'll hear about their journeys into the field, the challenges they face, and the impact their work has on securing our digital world.
Whether you're a seasoned malware analyst, a software developer, a security researcher, or just someone curious about the world of reverse engineering, Behind the Binary offers insightful and engaging conversations for everyone interested in this fascinating field.
EP23 Immutable C2: How EtherHiding and Frontend Attacks are Weaponizing the Blockchain
In this episode, we are joined by Robert Wallace, Joseph Dobson, and Blas Kajusner to dissect the new "Hybrid Heist." The panel argues that the era of isolated crypto-theft is over; sophisticated actors are now targeting the Web2 layer—the frontends, the developer workstations, and the cloud infrastructure—to bypass the immutability of the chain itself.
We also break down "EtherHiding," a technique where attackers store malware payloads directly on the blockchain to create an unstoppable Command & Control (C2) infrastructure that cannot be taken down by traditional authorities.
THE SESSION:
- Immutable C2 (EtherHiding): How threat actors are updating smart contract state variables to serve second-stage malware payloads, effectively turning the blockchain into a "dead drop resolver" that ignores domain blocks and takedown requests.
- The Hybrid Attack Surface: Why the massive Bybit heist wasn't a failure of cryptography, but a Web2 frontend attack on the "Safe Wallet" interface that tricked users into signing transactions they couldn't see.
- The "OpSec" Crisis: Why smart contract developers are the new "Domain Admins," and how simple phishing campaigns against personal devices are leading to nine-figure losses.
- The "Choke Point" Vulnerability: Why the decentralized ecosystem is still entirely dependent on centralized on-ramps and off-ramps, and how this dependency creates a "kill chain" that defenders can disrupt.
- Governance Attacks: The shift from exploiting code to exploiting consensus—how attackers are buying enough tokens to legally vote themselves the contents of a project's treasury.
Join the Community
- Research Hub: Threat research, training events and news: https://cloud.google.com/security/flare
- The FLARE Insider: Get community updates and announcements. To subscribe, email flare-external@google.com
FOLLOW THE SHOW:
- Subscribe: Apple Podcasts | Spotify | YouTube