Yearn is a decentralized suite of products for managing yield of digital assets. The Yearn system was using Curve creation called veCRV (vote-escrowed CRV). Users will lock their tokens away for...
KaoyaSwap is a BSC Chain that is an AMM via exchange pools. A Fee-On-Transfer token is slightly different than the standard ERC20. Typically, they implement the ERC20 interface with the main...
The Binance has a token hub bridge that allows interoperability between two chains. These two chains are the EVM compatible Binance Smart Chain (BSC) and the Binance Beacon Chain used for...
BCrypt is a popular hashing algorithm for passwords. In PHP, this is one of the standard ways to verify passwords. PHP assumes that the hash will be in a proper format when using password_verify....
Qualcomm chips are common in many phones, such as Samsung's and Google Pixels. Many of these devices have a Graphic Processing Unit (GPU) for performing various actions as well for things like...
A recent virus infection faced by some users was swiftly detected as being caused by Expiro. We have conducted an in-depth investigation and analysis on the intricacies of Expiro and what makes it...
Notional is a lending and borrowing platform on Ethereum. Most operations for their platform are performed using their fCash token. These tokens are redeemable for positive or negative cash flow...
In this third blog post, we will discuss lateral movement risks from the cloud to Kubernetes. We will explain attacker TTPs, and outline best practices for cloud builders and defenders to help...
Security researchers discovered a database containing sensitive data operated by Fayvo, a Saudi Arabia-based social media app. The server hosting the database also leaked its staging environment...
Optimism is a L2 blockchain and Wintermute is a liquidity provider. Optimism sent funds to Wintermute on the L2 chain but it should have been on mainnet ETH. So, nothing should happen, right?...
FEG (Feed Every Gorilla) is a peer-to-peer trading protocol with its own governance token FEGToken on the Binance Smart Chain. It also supports NFT trading. The project allowed for user supplied...
TL;DR: I couldn’t make a custom BlazorPack editor work in Burp, so I used Mallet instead. From an indecipherable binary mess to this, in about 100 lines: Decoded BlazorPack messages For details on...
From the Big Bang to Leonardo da Vinci, these socks have protected the cloud throughout history.
ENS is a naming service for wallets, websites and more. In March of 2022, there was a vote to replace the existing price oracle. The original interface returned 1 value but the new interface...
ENS stores domains. Once it's been registered, there is a metadata service that is offchain and written in JS/TS. This is done with the following steps: Register the name Emit an event of...
bDollar is a algorithmic stablecoin on the Binance Smartchain. It is pegged to multiply assets. The contract attempts to do some asset rebalancing depending on what assets are in or out of the...
Feminist Metaverse (FM) is a DAO for women's rights. The contract had its own token - FM. The smart contracts _transfer function had code for figuring out the dividends for the stakers of the...
Deus Finance is a derivatives trading platform. Calculating the price of a token is complicated in a decentralized system. If it is done via an off-chain oracle, like chainlink, then a deep amount...
Deep Dive analysis of an Vidar Stealer
On 2023-02-18, a research was reported, involving , gaining initial access via Software misconfig, to achieve Resp. disclosure.
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris Infusion Central --------- Begin Update A part 1 of 2 ---------...
Miner/Maximal Extractable Value (MEV) is the capability of gaining profit by reordering or adding transactions in a block. This leads to arbitrage, frontrunning and sandwich attacks. There is a...
Learn how CISOs are preparing for what’s ahead by embracing consolidation and continuing to invest in security.
“In six months, you’ll go home, having received a pardon. (…) Those who come with us and on the first day say, ‘I ended up somewhere I shouldn’t have’, we’ll mark a deserter and execute. (…) You...
Deep Dive analysis of an AsyncRAT OneNote Dropper
Prototype Pollution is a vulnerability in JavaScript that allows for the overwriting of the __prototype__ object. By doing this, an attacker can overwrite the default properties of an object to...
Hal Denton // Have you ever been given an encrypted hard drive to perform forensic analysis on? What could go wrong? Probably the first thought rolling through your mind is […] The post Who’s...
Automatically push Wiz-identified cloud security issues to Snowflake to analyze and accurately report on your cloud security metrics.
Recent attacks leverage CVE-2021-21974 to install ransomware on VMWare ESXi servers. Security teams are advised to patch and stay vigilant for indicators of compromise.
Wiz's State of the Cloud 2023 report provides analysis of trends in cloud usage such as multi-cloud, use of managed services and more. In addition, the report highlights notable cloud risks based...