-
Damn Vulnerable DeFi – Naive Receiver
We have two contracts, one is a pool with 1000 ETH, the other is a borrowing contract set up by a supposedly naive user. This contract currently has custody of 10 ETH and our task is to identify a vulnerability that will allow us to drain the contract when exploited. Reviewing the two contracts, we…
-
Speaking at DEFCON Toronto
I will be speaking next week at the DEFCON Toronto November 2022 meetup. The topic of my talk is “Attacking Ethereum Smart Contracts.” I will be discussing various risks and vulnerabilities associated with EVM-based smart contracts, featuring some real-world examples. If you are in the Toronto area on November 29th, please attend! Slides will…
-
Changing burpsuite versions on Kali Linux
You may have used Burp Suite in the past and are now wondering why some features such as Spider are missing from newer versions. The following instructions will install an older version of Burp Suite on Kali Linux and get the Burp Suite Spider back. Head to PortSwigger’s Burp releases page and grab a legacy version that supports…
-
VulnHub Walkthrough – Kioptrix #1
VulnHub link: kioptrix #1. I attempted (and succeeded) to root this box as part of my preparations for the OSCP exam. This was a very easy box to own (it is noted as ‘beginner’ for a reason). netdiscover to find the target host: In this case, our target is located at 192.168.174.129. Let’s run a…
-
Configuring Splunk and Snort On Your Home Network
Prerequisites: A Windows/Linux machine capable of running Splunk and Snort. Basic networking knowledge. Basic knowledge of network/port scanning and a machine capable of doing so. Splunk is a SIEM (Security Information and Event Management) system used widely by security analysts across the industry. There is a basic version available for free (with a limit of…
-
PHP Spot the Bug Challenge
Recently I came across one of Securify’s “spot the bug” challenges. The goal is to find one (or possibly more) critical vulnerabilities in the following code: <?php if (empty($_POST['hmac'] || empty($_POST['host'])) { header('HTTP/1.0 400 Bad Request'); exit; } $secret = getenv("SECRET"); if (isset($_POST['nonce'])) $secret = hash_hmac('sha256', $_POST['nonce'], $secret); $hmac = hash_hmac('sha256', $_POST['host'], $secret); if ($hmac…