Demystifying Web3 Attack Vectors, with Beau Bullock and Steve Borosh

00:00 - Demystifying Web3 Attack Vectors, with Beau Bullock and Steve Borosh
02:07 - About Us
03:05 - Topic Roadmap
04:44 - What is Web 3
08:04 - Web3 - Backend
10:41 - Repeat Offender
11:39 - Ethereum Name Service (ENS)
13:03 - Keys to the Kingdom
15:08 - Social Engineering
15:30 - Private Key and Seed Theft
17:20 - Token Approvals
20:21 - Malicious Token Airdrops
21:45 - Discord Hacks
26:45 - SIM Swaps
27:32 - Rugpulls
29:44 - Honey Contracts
31:21 - Offensive dApps
32:48 - Web 2 Attacks Affecting Web3 Apps
32:59 - WebApp Frontend Attacks
35:27 - Node Compromise
37:20 - Traditional Vulnerabilities
39:37 - Administrative Issues
41:57 - Centralized Exchange Attacks
43:06 - Cloud-Hosted Secrets
44:07 - Smart Contract Attacks
48:25 - What Are Attackers Doing With Stolen Funds? | Transaction Tracking (Blockchain Explorers)
49:31 - Transaction Tracking (Debuggers)
50:20 - Tracking Transactions (Investigation Tools)
52:21 - Mixing
54:12 - Tornado Deposits Discord Bot
55:06 - Cash-Out
55:49 - Start Hacking Web3
56:02 - Web3 Books
56:13 - Solidity Coding
56:46 - Web3 CTFs
57:16 - Web 3 Bug Bounties
57:40 - Blockchain HAX Quickstart Hacking Guide
58:04 - Key Takeaways
59:26 - Follow Us Resources | The End
59:50 - Post-Show Banter & Questions

BHIS | Demystifying Web3 Attack Vectors, with Beau Bullock and Steve Borosh | 1 Hour
Sep 6, 2022

Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- https://www.blackhillsinfosec.com

Description: In 2021, an estimated $10 billion was lost due to attacks against DeFi applications. This webcast will highlight many of the common security issues plaguing the web3 ecosystem. Ways that attackers can steal funds and NFTs via social engineering attacks will be discussed. Web3 applications can be susceptible to common web2 frontend and backend vulnerabilities, but with an added layer of complexity.

Slides: https://s1hb.sharepoint.com/Content&C...

Black Hills Information Security

66.5K subscribers