Smart Contract Hacking Chapter 1 - Solidity for Penetration Testers Part 1...
Note: We will start off our Smart Contract Hacking journey with some basic solidity programming in the first two weeks. After that we will ramp things up and get a little crazy deploying blockchains...
View ArticleSmart Contract Hacking Chapter 2 – Solidity for Penetration Testers Part 2
Beyond Hello WorldThis will be our last week of basics before we hop into actual vulnerabilities. In the last chapter, we covered a lot of differences between solidity and a traditional language and...
View ArticleClik here to view.
Smart Contract Hacking Chapter 3 – Attacking Integer Underflows and Overflows
Integer overflow and underflows often occur when user supplied data controls the value of an unsigned integer. The user supplied data either adds to or subtracts beyond the limits the variable type...
View ArticleClik here to view.
Smart Contract Hacking Chapter 4 – Attacking Reentrancy Vulnerabilities
Reentrancy IntroIn this chapter we will take a look at bypassing incorrectly coded value transaction patterns within Ethereum smart contracts. These incorrectly coded patterns can lead to Reentrancy...
View ArticleClik here to view.
Smart Contract Hacking Chapter 5 - Understanding and Attacking Authentication...
In this chapter we will take a look at bypassing UI restrictions using Indirect Object Reference (IDOR) vulnerabilities to bypass unprotected functionality. We will then take a look at various...
View ArticleClik here to view.
Smart Contract Hacking Chapter 6 - Phishing Users With Malicious DAPS via...
Authorization on a smart contract can sometimes be a tricky endeavor. There are many things that are easily coded incorrectly, for example public functions, unpublished functions, delegate calls and...
View ArticleClik here to view.
Smart Contract Hacking Chapter 7 - Delegate Call Attack Vectors
How delegate calls work:Often while writing smart contracts we will want to call functions within other contracts either to leverage functionality within the other contract or for upgradability...
View ArticleClik here to view.
Smart Contract Hacking Final Free Chapter - Hacking Games Via Bad Randomness...
This is our final free chapter in this smart contract hacking series, hopefully you enjoyed it, I am not sure what I am going to work on next, perhaps some malware analysis, reverse engineering or...
View ArticleProxying Newer Versions of Android with Genymotion
I did a quick video last night for someone on proxying the newer version of Android SDK with Genymotion as the changes back in version 7 make it a bit more difficult to proxy https traffic and I get a...
View ArticleSmart Contract Hacking Course Update
Check out the video below for the update on this course announced last year. In a nutshell 75% of it is already free on YouTube, and the rest will also now be released for free piece by piece as...
View ArticleClik here to view.
Open Sesame (dlink - CVE-2012-4046)
A couple weeks ago a vulnerability was posted for the dlink DCS-9xx series of cameras. The author of the disclosure found that the setup application that comes with the camera is able to send a...
View ArticleBlockchain Forensics R&D with Python - Tracking Attackers, Etherscan API...
Added a new playlist over the last few weeks, its up to about 8 videos now which starts out writing code to monitor attackers address changes on the blockchain followed by using EtherScan API's to...
View ArticleBlockchain Decentralized Application Hacking Course Part 2 - A Continuation...
New Course Announcement: Python Based Blockchain Hacking, Smart Contract exploitation and AutomationTwitter: https://twitter.com/ficti0nWebsite: http://cclabs.ioThis is the course announcement for...
View ArticleWeb3 Smart Contract and Blockchain Hacking with Python Free Course Section 1
Below is the full playlist and the outline for Section 1 the Web3 Hacking in Python course.. This is the most in-depth python based web3 material I have seen anywhere online. Section 1 is the...
View ArticleNew Consulting Series Financial Statement Workshop
I added a new video to the consulting series playlist today... This is for creating and managing your personal financial statements, your budgeting of income/expenses from various sources and how to...
View ArticleReal World Social Engineering - Turning life into a Penetration Test or one...
In this video you will learn all the things they never told on how to become a badass social engineer.. Instead of wasting time learning sneaky tactics to "Engineer" the outcome.. We focus on the part...
View ArticleLearning Binary Ninja For Reverse Engineering and Scripting
Recently added a new playlist with about 1.5 hours of Binary Ninja Content so far.. Video 1: I put this out a couple months ago covering use cases and reversing flows as well as some basic...
View ArticleReal World Social Engineering Part 2: Integrating SE With Stealth Badge...
Below is a video on using stealth readers with social engineering to gain access to physical targets on your penetration tests.. This is all based off real world engagements and actual use.. Not...
View ArticleLearning Binary Ninja for Reverse Engineering - Integrating AI workflows to...
In this video we run through creating Keygens from binaries to bypass software restrictions using AI prompts where relevant to help us code our own keygens and understand algorithms. Example Binaries:...
View ArticleFilling in the Gaps of your foundational Knowlege
Hacking is basically just abuse of foundational knowledge.Seriously, its about foundational knowledge. So learn it!!So the new kids don't come from CS and EE backgrounds as often anymore.With just...
View Article