Become a Certified Metasploit Expert (CME)!
Buy the Metasploit Test Prep Videos and Receive A Voucher to Take The Test for FREE!
#metasploit #cybersecurity #cyberwarrior
white-hat-hacker.com/certified-metaโฆ
hackers-arise.com/blank-1
Buy the Metasploit Test Prep Videos and Receive A Voucher to Take The Test for FREE!
#metasploit #cybersecurity #cyberwarrior
white-hat-hacker.com/certified-metaโฆ
hackers-arise.com/blank-1
D-Squared@
Hereโs the video walkthrough - https://youtu.be/1RQSwj8h8rM
Additionally, I send out a weekly email newsletter relating to crypto security if youโre interested, subscribe here - https://eepurl.com/gLhH9r
P.S. Also, if there are other communities you think would be interested in explainer series like this, feel free to share.
discord: Hey folks - Hereโs another video on this ZK learning journey. This time around weโre focusing on common ZK vulnerabilities found within Circom and similar ZK domain specific languages. Hereโs the video walkthrough - https://youtu.be/1RQSwj8h8rM
Additionally, I send out a weekly email newsletter relating to crypto security if youโre interested, subscribe here - https://eepurl.com/gLhH9r
P.S. Also, if there are other communities you think would be interested in explainer series like this, feel free to share.
YouTube
Common Zero-Knowledge Proof Vulnerabilities
Get the free 30-day AI Mastery series ๐: https://insights.gradientlabs.co/
Work with me ๐ช: https://offerings.gradientlabs.co/ Today on our zero-knowledge-proof learning journey weโre focusing on common vulnerabilities found in ZK programs. Big shout outโฆ
Work with me ๐ช: https://offerings.gradientlabs.co/ Today on our zero-knowledge-proof learning journey weโre focusing on common vulnerabilities found in ZK programs. Big shout outโฆ
Forwarded from EthSecurity
The Interest Protocol token sale contract has a bug that allows admins to take all IPT tokens before purchasers can claim them.
The admin withdraw() method does not check if it has already been called - withdraw() can be called repeatedly to drain the entire contract of IPT.
The admin withdraw() method does not check if it has already been called - withdraw() can be called repeatedly to drain the entire contract of IPT.
|How I Hacked my Car|
๐How I Hacked my Car part 1
๐How I Hacked my Car Part 2: Making a Backdoor
๐How I Hacked my Car Part 3: Making Software
๐How I Hacked my Car part 1
๐How I Hacked my Car Part 2: Making a Backdoor
๐How I Hacked my Car Part 3: Making Software
Programming With Style
How I Hacked my Car
Note: As of 2022/10/25 the information in this series is slightly outdated. See Part 5 for more up to date information.
The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wirelessโฆ
The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wirelessโฆ
Some Users were attacked recently, scammers used a tiny camera, mended in a sunglasses (they were able to see the seed phrase over the shoulder).
recover Platypus stolen funds.
Date: 17/02/23
Blockchain: ETH
Problem: Exploiter contract is missing withdraw function, access control.
The Platypus hack is a very interesting event in the DeFi history, first of all that is because the hacker was found after some on-chain investigation because of using ENS. The second reason is because a part of funds were frozen on the attacker contract because of the mistake during the exploit.
The Platypus:
1) Updated contracts.
2) Called flash loan callback function on attacker contract, which approves hacker funds on the contract to the Platypus.
3) Transfer funds from the hacker.
Discoverer: BlockSec.
Recovered: 2.4 M $
link
Date: 17/02/23
Blockchain: ETH
Problem: Exploiter contract is missing withdraw function, access control.
The Platypus hack is a very interesting event in the DeFi history, first of all that is because the hacker was found after some on-chain investigation because of using ENS. The second reason is because a part of funds were frozen on the attacker contract because of the mistake during the exploit.
The Platypus:
1) Updated contracts.
2) Called flash loan callback function on attacker contract, which approves hacker funds on the contract to the Platypus.
3) Transfer funds from the hacker.
Discoverer: BlockSec.
Recovered: 2.4 M $
link
X (formerly Twitter)
ZachXBT (@zachxbt) on X
Hi @retlqw since you deactivated your account after I messaged you.
I've traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges.
Weโd like to negotiate returning of the funds before we engageโฆ
I've traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges.
Weโd like to negotiate returning of the funds before we engageโฆ
๐ฅ1
Guys do you want to be more engage with smart contract security in private group? If yes leave a comment
๐ง Multisig exploiter is laundering fund through eXch.
eXch is a non-KYC exchange
eXch is a non-KYC exchange
Bridge risk framework
๐ดBridge types:
๐Native bridges:
user move asset from base chain to other chain
๐General bridges: liquidity providers
๐ดBridge participants:
๐Bridge users
๐Passive liquidity provider
๐Message Relayer
๐ดAttack surface Area
๐smart contract vulnerabilities
๐Compromised signer keys
๐Reorgs
๐Malicious RPCs or node vulnerabilities
๐Challenge windows/censorship attacks
๐ดBridge types:
๐Native bridges:
user move asset from base chain to other chain
๐General bridges: liquidity providers
๐ดBridge participants:
๐Bridge users
๐Passive liquidity provider
๐Message Relayer
๐ดAttack surface Area
๐smart contract vulnerabilities
๐Compromised signer keys
๐Reorgs
๐Malicious RPCs or node vulnerabilities
๐Challenge windows/censorship attacks