A weekly newsletter for smart and curious people interested in security, technology, and smart contracts
Everything I'll Forget About Prompting LLMs, Analysis of Obfuscations in Apple Fairplay, How Malicious Code Can Sneak Into Your GitHub Actions Workflows
Security Pills, 14 days ago
50 Shades of Vulnerabilities, State of Cloud Security, Adversarial Attacks on LLMs
Security Pills, 7 days ago
The Architecture of Today's LLM Applications, Attacking GitLab CI/CD via Shared Runners, Detecting Browser Credential Stealing
Security Pills, 2 minutes ago
Java Exploitation Restrictions in Modern JDK Times, Meterpreter vs Modern EDRs, How to Bypass Cloudflare in 2023
7 months ago
Effective Active Subdomain Enumeration with Patterns, Hacking Play-To-Earn Blockchain Games, Rule Writing for CodeQL and Semgrep
The case for improving crypto wallet security, How to avoid the aCropalypse, Taking over any DNSSEC name on ENS
8 months ago
Fuel VM Binary Analysis, The curl quirk that exposed Burp Suite & Google Chrome, Decipher EVM Puzzles game
Five myths about formally verifying smart contracts, Exploring unconfirmed transactions for effective Bitcoin address clustering
Heuristics for smart contracts, Abusing HTTP Hop-by-hop headers, Bitcoin Address Clustering
The ABCs of Ethereum Virtual Machine, Overview of the Inflation Attack, Practical Introduction to CodeQL
9 months ago
Reusable properties for Ethereum contracts, GitHub Security Lab audited DataHub, Demystifying Exploitable Bugs in Smart Contracts
How BlockSec Rescued Stolen Funds, OWASP Kubernetes Top 10, Zero Transfer Phishing
Server-side prototype pollution, Entering the Huff ecosystem, RCE in your Azure Web Service
Security Pills, 9 months ago
Fearless CORS, Top 10 web hacking techniques of 2022, Cracking the Odd Case of Randomness in Java
Learning CodeQL, Bonq Protocol Got Bonked for $120M, Breaking Docker Named Pipes SYSTEMatically
Security Pills, 10 months ago
Scaling Continuous Security, Setting Bear Traps in the Dark Forest, Exploiting Hardcoded Keys to Achieve RCE
An Incomplete Guide to Stealth Addresses, Bypassing Authorization in GC Workstations, Manipulating AES Traffic Using a Chain of Proxies and Hardcoded Keys
How to Analyze Bitcoin Data with SQL, Fake Token Trendy, Vulnerable Spots of Lending Protocols
Web Hackers vs The Auto Industry, Security in the Age of LLMs, Circom-Pairing: A Million-Dollar ZK Bug Caught Early
Security Pills, a year ago
Entering The Dark Forest, EVM Contract Construction, Turning Google Smart Speakers into Wiretaps for $100k
Statistical Attacks on Proof of Solvency, Rediscovering Smart Contracts Honeypots, Reversing the EVM: Raw CALLDATA
Ethereum Smart Contract Auditor's 2022 Rewind, Decentralized Identity Attack Surface, SushiSwap Kashi Vulnerability Disclosed
Abusing JSON-Based SQL to Bypass WAF, Some Ways To Use ZK-SNARKs for Privacy, Alternatives to Tornado Cash
Subdomain Enumeration with DNSSEC, Visual Studio Code: RCE, Specialized Zero-Knowledge Proof Failures
Scaling Security Automation with Docker, So You Want to Get Into Bug Bounties?, How I Could Drain an Entire Blockchain