NeverSecure

  • January 15, 2023

    Damn Vulnerable DeFi – Naive Receiver

    We have two contracts, one is a pool with 1000 ETH, the other is a borrowing contract set up by a supposedly naive user. This contract currently has custody of 10 ETH and our task is to identify a vulnerability that will allow us to drain the contract when exploited. Reviewing the two contracts, we…

    Walkthroughs
    secure code, Smart Contracts, solidity
  • November 22, 2022

    Speaking at DEFCON Toronto

    I will be speaking next week at the DEFCON Toronto November 2022 meetup. The topic of my talk is “Attacking Ethereum Smart Contracts.” I will be discussing various risks and vulnerabilities associated with EVM based smart contracts featuring some real-world examples. If you are in the Toronto area on November 29th please attend! Slides will…

    Uncategorized
  • July 12, 2021

    Changing burpsuite versions on Kali Linux

    You may have used Burpsuite in the past and are now wondering why some features such as Spider are missing from newer versions. The following instructions will install an older version of burpsuite on Kali Linux and get the burpsuite Spider back. Head to Portswigger’s burp releases page and grab a legacy version that supports…

    Uncategorized
    Burpsuite, Kali, Spider
  • May 19, 2019

    VulnHub Walkthrough – Kioptrix #1

    Vulnhub link: kioptrix #1 I attempted (and succeeded) to root this box as part of my preparations for the OSCP exam. This was a very easy box to own (it is noted as ‘beginner’ for a reason) netdiscover to find the target host: In this case, our target is located at 192.168.174.129. Let’s run a…

    Penetration Testing, Walkthroughs
  • May 11, 2019

    Configuring Splunk and Snort On Your Home Network

    Prerequisites: A Windows/Linux machine capable of running Splunk and Snort. Basic networking knowledge. Basic knowledge of network/port scanning and a machine capable of doing so. Splunk is a SIEM (Security Information and Event Management) system used widely by Security analysts across the industry. There is a basic version available for free (with a limit of…

    Guides
    IDS, Security, SIEM, Snort, Splunk
  • January 6, 2018

    PHP Spot the Bug Challenge

    Recently I came across one of Securify’s “spot the bug” challenges. The goal is to find one (or possibly more) critical vulnerabilities in the following code: <?php if (empty($_POST['hmac'] || empty($_POST['host'])) { header('HTTP/1.0 400 Bad Request'); exit; } $secret = getenv("SECRET"); if (isset($_POST['nonce'])) $secret = hash_hmac('sha256', $_POST['nonce'], $secret); $hmac = hash_hmac('sha256', $_POST['host'], $secret); if ($hmac…

    Bug Hunting, Vulnerabilities
    php, secure code
