11364
• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia
So, this is the moment of the year for us as the red guild, we have done a lot of work in these past weeks, in order to get to this moment, and I'm going to show you all what have we been up to.
But first, if you're in devcon, go by our booth, S103, next to OpenZeppelin's, where we have some interactive experiences. And you should book 4pm Wednesday 13th (Classroom B), "Don't get rekt4" a threat detection workshop (extended from what you've seen at DSS), which includes a hands on practice.
A SEAL security frameworks talk the 14th 4.10 PM (Stage 2).
And then, we have https://card.theredguild.org/ where you can generate your own password cards, get one printed at our booth along with some stickers. We have a devsecops field guide for our workshop called DevSecOops https://devsecoops.theredguild.org/.
Interactive stuff we got for you two fun things to play with, first a ctf, from our rektgames, https://therektgames.com/, where you can register and play now (already 80 registered) at https://ctf.therektgames.com/, and also a phishing dojo where we put your awareness skills to test by quizzing you in 15 real case scenarios at https://phishing.therektgames.com/.
Any feedback is welcome! And we hope you like this :), we've worked so hard with @tnch !
Spotted a cool service 👀
• https://insiderthreatmatrix.org/
#opsec #security
Spotted a cool article!
• www.osintteam.com/easily-find-osint-tools
Thank you for mentioning my work!
#osint
Bitcoin: The Ultimate OpSec Collection
• https://officercia.mirror.xyz/axuVGnWQ0qglIDyk8KWL2mGYvSut94Vr1BWQIEPW_yw
#opsec #security #privacy
I have collected in the thread actual ways to protect your SIM card and phone number, as well as different options available on the market: x.com/officer_cia/status/1855292702570516595?1
#opsec #security #privacy
Thank you for mentioning my public letter 🫡
• /channel/Shualpha/626
#security #opsec #privacy
Defence tactics, a thread ⬇️
• https://x.com/officer_cia/status/1855071920859009134
#security #opsec
Sad day for privacy advocates and crypto, and a big win for the warrantless surveillance state and wholly unaccountable chain analytics firms (with their psuedo-scientific "forensics")
https://cointelegraph.com/news/bad-blockchain-forensics-convict-roman-sterlingov
a Study on Data Privacy in DeFi Protocols. https://arxiv.org/abs/2211.16082 @web3privacy1
Читать полностью…
We’re thrilled that Glider helped a whitehat demonstrate the impact of an issue, raising it to critical and unlocking a $1 million prize pool.
Another great use case for Glider! Try out glide.r.xyz - 17 lines of code may result in 1 million $ payout! 👀
• x.com/minato7namikazi/status/1853455576405082148
• x.com/xyz_remedy/status/1853463831579660562
And of course submit your findings to @xyz_remedy!
#security #web3
medium.com/@officercia/my-web3-security-privacy-stack-safeguarding-the-future-of-decentralization-89285ae6e7a6
Читать полностью…
Link: https://github.com/tpiliposian/not-awesome-web3-security-roadmap
#web3 #security
Dear subscribers, I know there are a few themed conferences and meetups coming up... I don't plan on attending them (as I always do), but you can meet my friends from @xyz_remedy!
I keep naively waiting for VRchat to become so popular that we can hold crypto conferences there lol 😂
#offtopic
If you’d like to support me and my work, please donate:0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A
or 0x937028F9A08b39331FAE53741Ada63179C42a7e7 — Ethereum, Base, Optimism, Polygon, BSC;17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU or bc1q75zgp5jurtm96nltt9c9kzjnrt33uylr8uvdds — Bitcoin;TYWJoRenGB9JFD2QsdPSdrJtaT6CDoFQBN — TRX;4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — XMR;
You can also support me by minting one of my Mirror articles NFTs or just DM me for a clean address! Thank you very much!
The crypto exchange M2 was hacked for ~$13M from hot wallets on multiple chains yesterday.
Theft addresses
ETH: 0x968b6984cba14444f23ee51be90652408155e142
BTC: bc1qu4kh7wa38xpkrp8frgxl4sak88wx0jug8n3vfj
SOL: EKko14NvgqdvNttUb8JjXkVGuUs6BTikjfN3hqW4LQoL
The first video of our bug bounties series is up 🫡
- what is a bug bounty
- steps to get started as a beginner in bug bounties
- essential tools and resources to help you succeed
Here’s the full video: https://youtu.be/XGi4eZDejpY?si=WkDKB4Vo45HBdivw
#audit #bugbounty #web3
Handy scripts for glide.r.xyz ⬇️
• https://github.com/ustas-eth/daily-glider/blob/main/articles/handy-scripts/README.md
#audit #web3
Please support me and my work by donating to any address from the list below or minting one of my mirror articles!
You can also order an OpSec audit or lecture from me!
Thank you 🙏
#offtopic
For those who don't already know... Telegram can show commercials on my channel to users who don't have a Premium subscription nonetheless I won't (and cannot) receive any money from these ads.
FYI
#offtopic
Yet another awesome repo: https://github.com/tpiliposian/awesome-web3sec-blogs-and-podcasts
#audit #web3
This will come as a shock to many, but I once worked in a factory as a regular turner. Those were good times...
I once thought I wanted to build rockets and satellites, but life and fate decided that I would be a CT blogger in Web3! 😅
#offtopic
North Korean hacker group BlueNoroff is targeting crypto firms with a new malware that attacks MacOS. Once a user downloads and opens a decoy PDF, the malware is downloaded as a separate file on the MacOS desktop in the background to remotely access the victim's computer to steal private keys. — link
Читать полностью…
V2023: x.com/web3privacy/status/1742236340077338634
#privacy #opsec
Beware of Scams Targeting Development Teams
Recently, a development company received a request to create a high-value product, but the process required completing a test task as a preliminary qualification. To begin, the team was instructed to download a project from Bitbucket. Upon inspection, they discovered suspicious activity in one of the files: a malicious code snippet known as a “stealer.”
What is a Stealer?
A “stealer” is malware designed to extract sensitive information from the victim’s system, including cryptocurrency wallets, browser-stored passwords, and other private data. Some stealers also install backdoors, allowing further unauthorized access to the compromised computer. This code often includes hexadecimal values and obfuscated strings, which only reveal their full intent during runtime.
For more information on stealers, refer to this Malwarebytes article.(https://lnkd.in/dfAv_cyJ)
In this case, the application immediately transmitted collected data to a remote server before installing a backdoor on the computer. The hacker had embedded their IP address, 138.201.199.46, as the destination for the stolen information—a significant oversight that aided in identifying the threat.
How to Protect Yourself
Unfortunately, this is not a first incident. To avoid falling victim to similar scams, always follow these best practices:
• Analyze Code Thoroughly: Avoid cloning or executing unverified code, especially on non-isolated environments. Always inspect unfamiliar code in a virtual machine to mitigate potential risks.
• Enhance Personal Security: Regularly audit your communication channels. Disable auto-downloads in messaging apps, enable multi-factor authentication (MFA), and be aware of SIM-swapping threats.
• Educate Yourself: Explore security resources like the following to strengthen your online defenses:
• Telegram Security Best Practices
https://lnkd.in/dDS6bDxZ
• Crypto-OpSec-SelfGuard-RoadMap
https://lnkd.in/dQAUrk2g
Stay vigilant, and remember that investing time in security today can protect you and your friends from significant losses in the future.
https://www.linkedin.com/posts/vvlnko_beware-of-scams-targeting-development-teams-activity-7260643728539734017-wGO0?utm_source=share&utm_medium=member_ios
Via Mirror: https://officercia.mirror.xyz/QAX5XNfBcSnMelGrVLbdJz-N4vjvdylgMPElLyclOuQ
#opsec #security
🫡🫡🫡
• x.com/web3privacy/status/1854801391665266969
#opsec #security
Want to learn Web3 security but not sure where to start?
We get this question all the time.
Here’s our answer: x.com/xyz_remedy/status/1853844986543952263
#web3 #security
600 users have collected my article, thank you fam 🫡
• Please RT: x.com/officer_cia/status/1853260026443358233
• Article link: officercia.mirror.xyz/z7UhL4a_R5L0iPiAufCx7OXC24-onnNg92RzcwPP1VQ
#opsec #security
Dear friends, you can order an OpSec audit from me for you and your team/project.
I can conduct a series of trainings with you and your team, develop project-specific OpSec guidelines and answer all your questions.
This is about my personalized services. I do not do it on behalf of the company. Thank you! 🙏
Price is negotiated separately, depends on occupancy and number of days. You can count on 3-5 thousand dollars for everything (provided that there will not be any particularly costly cases).
• Can you share more information on the services included specifically?
• Mainly from potential dangers that may be encountered in Web3. Mainly OpSec, in particular, wallet security, social networks, multisig. In other words, everything that fits under OpSec including also workplace setup and basic security guideline including physical security. These includes lectures for team, personal consultations, creation of project-specific guidelines. Typical duration - 1-2 weeks, depends on complexity.
DM: @farm42
#opsec #security
Happy Halloween! 🎃
• x.com/officer_cia/status/1719501383597249020