Become a Certified Metasploit Expert (CME)!
Buy the Metasploit Test Prep Videos and Receive A Voucher to Take The Test for FREE!
#metasploit #cybersecurity #cyberwarrior
white-hat-hacker.com/certified-meta…
hackers-arise.com/blank-1
Buy the Metasploit Test Prep Videos and Receive A Voucher to Take The Test for FREE!
#metasploit #cybersecurity #cyberwarrior
white-hat-hacker.com/certified-meta…
hackers-arise.com/blank-1
D-Squared@
Here’s the video walkthrough - https://youtu.be/1RQSwj8h8rM
Additionally, I send out a weekly email newsletter relating to crypto security if you’re interested, subscribe here - http://eepurl.com/gLhH9r
P.S. Also, if there are other communities you think would be interested in explainer series like this, feel free to share.
discord: Hey folks - Here’s another video on this ZK learning journey. This time around we’re focusing on common ZK vulnerabilities found within Circom and similar ZK domain specific languages. Here’s the video walkthrough - https://youtu.be/1RQSwj8h8rM
Additionally, I send out a weekly email newsletter relating to crypto security if you’re interested, subscribe here - http://eepurl.com/gLhH9r
P.S. Also, if there are other communities you think would be interested in explainer series like this, feel free to share.
YouTube
Common Zero-Knowledge Proof Vulnerabilities
Get the free 30-day AI Mastery series 💌: https://insights.gradientlabs.co/
Work with me 💪: https://offerings.gradientlabs.co/ Today on our zero-knowledge-proof learning journey we’re focusing on common vulnerabilities found in ZK programs. Big shout out…
Work with me 💪: https://offerings.gradientlabs.co/ Today on our zero-knowledge-proof learning journey we’re focusing on common vulnerabilities found in ZK programs. Big shout out…
Forwarded from EthSecurity
The Interest Protocol token sale contract has a bug that allows admins to take all IPT tokens before purchasers can claim them.
The admin withdraw() method does not check if it has already been called - withdraw() can be called repeatedly to drain the entire contract of IPT.
The admin withdraw() method does not check if it has already been called - withdraw() can be called repeatedly to drain the entire contract of IPT.
|How I Hacked my Car|
🚘How I Hacked my Car part 1
🚘How I Hacked my Car Part 2: Making a Backdoor
🚘How I Hacked my Car Part 3: Making Software
🚘How I Hacked my Car part 1
🚘How I Hacked my Car Part 2: Making a Backdoor
🚘How I Hacked my Car Part 3: Making Software
Programming With Style
How I Hacked my Car
Note: As of 2022/10/25 the information in this series is slightly outdated. See Part 5 for more up to date information.
The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wireless…
The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wireless…
Some Users were attacked recently, scammers used a tiny camera, mended in a sunglasses (they were able to see the seed phrase over the shoulder).
recover Platypus stolen funds.
Date: 17/02/23
Blockchain: ETH
Problem: Exploiter contract is missing withdraw function, access control.
The Platypus hack is a very interesting event in the DeFi history, first of all that is because the hacker was found after some on-chain investigation because of using ENS. The second reason is because a part of funds were frozen on the attacker contract because of the mistake during the exploit.
The Platypus:
1) Updated contracts.
2) Called flash loan callback function on attacker contract, which approves hacker funds on the contract to the Platypus.
3) Transfer funds from the hacker.
Discoverer: BlockSec.
Recovered: 2.4 M $
link
Date: 17/02/23
Blockchain: ETH
Problem: Exploiter contract is missing withdraw function, access control.
The Platypus hack is a very interesting event in the DeFi history, first of all that is because the hacker was found after some on-chain investigation because of using ENS. The second reason is because a part of funds were frozen on the attacker contract because of the mistake during the exploit.
The Platypus:
1) Updated contracts.
2) Called flash loan callback function on attacker contract, which approves hacker funds on the contract to the Platypus.
3) Transfer funds from the hacker.
Discoverer: BlockSec.
Recovered: 2.4 M $
link
X (formerly Twitter)
ZachXBT (@zachxbt) on X
Hi @retlqw since you deactivated your account after I messaged you.
I've traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges.
We’d like to negotiate returning of the funds before we engage…
I've traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges.
We’d like to negotiate returning of the funds before we engage…
🔥1
Guys do you want to be more engage with smart contract security in private group? If yes leave a comment
🧐 Multisig exploiter is laundering fund through eXch.
eXch is a non-KYC exchange
eXch is a non-KYC exchange
Bridge risk framework
🔴Bridge types:
📍Native bridges:
user move asset from base chain to other chain
📍General bridges: liquidity providers
🔴Bridge participants:
📍Bridge users
📍Passive liquidity provider
📍Message Relayer
🔴Attack surface Area
📍smart contract vulnerabilities
📍Compromised signer keys
📍Reorgs
📍Malicious RPCs or node vulnerabilities
📍Challenge windows/censorship attacks
🔴Bridge types:
📍Native bridges:
user move asset from base chain to other chain
📍General bridges: liquidity providers
🔴Bridge participants:
📍Bridge users
📍Passive liquidity provider
📍Message Relayer
🔴Attack surface Area
📍smart contract vulnerabilities
📍Compromised signer keys
📍Reorgs
📍Malicious RPCs or node vulnerabilities
📍Challenge windows/censorship attacks