BHIS | Demystifying Web3 Attack Vectors, with Beau Bullock and Steve Borosh | 1 Hour

  • Published on 20 Jun 2024
  • Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
    Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- www.blackhillsinfosec.com
    00:00 - Demystifying Web3 Attack Vectors, with Beau Bullock and Steve Borosh
    02:07 - About Us
    03:05 - Topic Roadmap
    04:44 - What is Web 3
    08:04 - Web3 - Backend
    10:41 - Repeat Offender
    11:39 - Ethereum Name Service (ENS)
    13:03 - Keys to the Kingdom
    15:08 - Social Engineering
    15:30 - Private Key and Seed Theft
    17:20 - Token Approvals
    20:21 - Malicious Token Airdrops
    21:45 - Discord Hacks
    26:45 - SIM Swaps
    27:32 - Rugpulls
    29:44 - Honey Contracts
    31:21 - Offensive dApps
    32:48 - Web 2 Attacks Affecting Web3 Apps
    32:59 - WebApp Frontend Attacks
    35:27 - Node Compromise
    37:20 - Traditional Vulnerabilities
    39:37 - Administrative Issues
    41:57 - Centralized Exchange Attacks
    43:06 - Cloud-Hosted Secrets
    44:07 - Smart Contract Attacks
    48:25 - What Are Attackers Doing With Stolen Funds? | Transaction Tracking (Blockchain Explorers)
    49:31 - Transaction Tracking (Debuggers)
    50:20 - Tracking Transactions (Investigation Tools)
    52:21 - Mixing
    54:12 - Tornado Deposits Discord Bot
    55:06 - Cash-Out
    55:49 - Start Hacking Web3
    56:02 - Web3 Books
    56:13 - Solidity Coding
    56:46 - Web3 CTFs
    57:16 - Web 3 Bug Bounties
    57:40 - Blockchain HAX Quickstart Hacking Guide
    58:04 - Key Takeaways
    59:26 - Follow Us Resources | The End
    59:50 - Post-Show Banter & Questions
    Description: In 2021, an estimated $10 billion was lost due to attacks against DeFi applications. This webcast will highlight many of the common security issues plaguing the web3 ecosystem. Ways that attackers can steal funds and NFTs via social engineering attacks will be discussed. Web3 applications can be susceptible to common web2 frontend and backend vulnerabilities, but with an added layer of complexity.
    Slides: s1hb.sharepoint.com/Content&C...
    Black Hills Infosec Socials
    Twitter: / bhinfosecurity
    Mastodon: infosec.exchange/@blackhillsi...
    LinkedIn: / antisyphon-training
    Discord: / discord
    Black Hills Infosec Shirts & Hoodies
    spearphish-general-store.mysh...
    Black Hills Infosec Services
    Active SOC: www.blackhillsinfosec.com/ser...
    Penetration Testing: www.blackhillsinfosec.com/ser...
    Incident Response: www.blackhillsinfosec.com/ser...
    Backdoors & Breaches - Incident Response Card Game
    Backdoors & Breaches: www.backdoorsandbreaches.com/
    Play B&B Online: play.backdoorsandbreaches.com/
    Antisyphon Training
    Pay What You Can: www.antisyphontraining.com/pa...
    Live Training: www.antisyphontraining.com/co...
    On Demand Training: www.antisyphontraining.com/on...
    Educational Infosec Content
    Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
    Wild West Hackin' Fest YouTube: / wildwesthackinfest
    Active Countermeasures YouTube: / activecountermeasures
    Antisyphon Training YouTube: / antisyphontraining
    Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/
    #bhis #infosec
