A weekly newsletter for smart and curious people interested in security, technology, and smart contracts
Fuel VM Binary Analysis, The curl quirk that exposed Burp Suite & Google Chrome, Decipher EVM Puzzles game
6 months ago
The case for improving crypto wallet security, How to avoid the aCropalypse, Taking over any DNSSEC name on ENS
Effective Active Subdomain Enumeration with Patterns, Hacking Play-To-Earn Blockchain Games, Rule Writing for CodeQL and Semgrep
5 months ago
Java Exploitation Restrictions in Modern JDK Times, Meterpreter vs Modern EDRs, How to Bypass Cloudflare in 2023
Five myths about formally verifying smart contracts, Exploring unconfirmed transactions for effective Bitcoin address clustering
Heuristics for smart contracts, Abusing HTTP Hop-by-hop headers, Bitcoin Address Clustering
The ABCs of Ethereum Virtual Machine, Overview of the Inflation Attack, Practical Introduction to CodeQL
7 months ago
Reusable properties for Ethereum contracts, GitHub Security Lab audited DataHub, Demystifying Exploitable Bugs in Smart Contracts
How BlockSec Rescued Stolen Funds, OWASP Kubernetes Top 10, Zero Transfer Phishing
Server-side prototype pollution, Entering the Huff ecosystem, RCE in your Azure Web Service
Security Pills, 7 months ago
Fearless CORS, Top 10 web hacking techniques of 2022, Cracking the Odd Case of Randomness in Java
Learning CodeQL, Bonq Protocol Got Bonked for $120M, Breaking Docker Named Pipes SYSTEMatically
Security Pills, 8 months ago
Scaling Continuous Security, Setting Bear Traps in the Dark Forest, Exploiting Hardcoded Keys to Achieve RCE
An Incomplete Guide to Stealth Addresses, Bypassing Authorization in GC Workstations, Manipulating AES Traffic Using a Chain of Proxies and Hardcoded Keys
How to Analyze Bitcoin Data with SQL, Fake Token Trendy, Vulnerable Spots of Lending Protocols
Web Hackers vs The Auto Industry, Security in the Age of LLMs, Circom-Pairing: A Million-Dollar Zk Bug Caught Early
Security Pills, 9 months ago
Entering The Dark Forest, EVM Contract Construction, Turning Google Smart Speakers into Wiretaps for $100k
Statistical Attacks on Proof of Solvency, Rediscovering Smart Contracts Honeypots, Reversing the EVM: Raw CALLDATA
Ethereum Smart Contract Auditor's 2022 Rewind, Decentralized Identity Attack Surface, SushiSwap Kashi Vulnerability Disclosed
Abusing JSON-Based SQL to Bypass WAF, Some Ways To Use ZK-SNARKs for Privacy, Alternatives to Tornado Cash
Security Pills, 10 months ago
Subdomain Enumeration with DNSSEC, Visual Studio Code: RCE, Specialized Zero-Knowledge Proof Failures
Scaling Security Automation with Docker, So You Want to Get Into Bug Bounties?, How I Could Drain an Entire Blockchain
From Self-Hosted GitHub Runner to Self-Hosted Backdoor, You Could Have Found the Nomad Hack, Stealing Passwords from Infosec Mastodon
Earn $200k by Fuzzing for a Weekend, Decoding brahTOPG Smart Contract Vulnerability, Deribit's $28 Million Hot Wallet Hack
The OpenSSL Punycode Vulnerability, Analyzing an MEV Bot's Arbitrage on Ethereum, DAO Voting Vulnerabilities
Security Pills, a year ago