• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia • Chat: t.me/+C6RfnbB33AYzNGIy
I think that Telegram will continue to exist one way or another (maybe we will have a couple of DDoS attacks), but in general - it is unlikely that its arrest will change anything globally. And the criminals will return to Jabber and Matrix. Sad but true.
#offtopic
One of our dear friends and colleagues has written a research paper showcasing Glider's pattern matching capabilities and how it can help you detect Ethereum Mixers. So let's dive right in 👇
• x.com/elen__kay/status/1826964800821190985?1
#OSINT #security
officercia.mirror.xyz/z7UhL4a_R5L0iPiAufCx7OXC24-onnNg92RzcwPP1VQ
Dear friends, I am addressing you in my native language. I have decided to reveal my identity and begin gradually moving away from the nickname "officercia" and so on.
I want to believe that I am more than just a nickname, and that you read me not because of this nickname (which came about completely by accident) but first and foremost because of my articles and my content, and because you find it interesting.
I have changed the name of my Twitter, channel and blog. As soon as I figure out the best way to change the nickname tag (the one written with @), I will definitely do it; this also applies to my GitHub account and so on. For now, I will change the name and make the account more public.
Many reasons prompted me to do this, and personal safety is one of the main ones. I was very often subjected to all kinds of checks, surveillance and various sorts of attention that I definitely did not want, all despite my pronounced neutrality and the generally parodic nature of the account. Apparently, my mistake was thinking that this was funny. It is not funny; it is just a prank that got out of control.
I hope my step will be well received by you and that it will mark the beginning of a new era for my blog. Sincerely yours, Vladimir S., aka officercia.
• x.com/officer_cia/status/1826758130094547291
#offtopic
officercia.mirror.xyz/iErSmQtt575yXvcPJvPAVJHZ6WxgoDWVd72uMvQ_8Ho
Amazing initiative: https://x.com/xyz_remedy/status/1825510777593434165?s=46
#security #twitter
https://youtu.be/SmT2NbicLKw?si=7cDB_V42vHhuKkky
I do not plan to write new articles because whatever I do - there are those who try to kill this desire in me. Starting from those who falsely accused me of plagiarism and ending with those who accused me of some political idiotic things. I hope you are all happy, only Glider articles will be coming out from me.
And for all your questions about my nickname, I now have one answer - I self-define myself as a CIA agent and that's my gender. Imagine an amorphous tentacle, that's me.
I hope this post doesn't offend anyone at least this time.
#offtopic
Dear friends, the interview with me is officially published!
A few clarifications on the interview (it was taped a long time ago, so a few things need to be corrected):
• I only work with the @xyz_remedy team; the other specified teams, such as W3A, are no longer connected with me.
• The rest of what I said is completely true.
Please excuse my unprofessional language! Also, let me know if you liked it.
Link: https://youtu.be/SmT2NbicLKw?si=7cDB_V42vHhuKkky
Use this list of fantastic telegram channels I've put together in order to discover them as your own personal Web3-Google!
• t.me/addlist/uesom31GM1I4Yjgy
What’s new?
• Added new channels, mostly non-tech format!
Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!
A small tip to subscribooors: if you find a channel interesting, move it out of the folder into your main list of chats. That way you’ll view content you’re interested in more often, and channels get more views instead of just subscribers!
#security #offtopic
Awesome tips out there fam 👀
Pure alpha 🐺🐺 🌕
#audit #ethereum #web3
officercia.mirror.xyz/y7qzSLS8qZuU_fdHcrYyN7eZxGzfo_Z5avmNHqhbrZU
A friendly reminder to my US subscribers (there are 35% of you): I have never visited your country and have no plans to. If you wish to ask me about my view on elections or political parties, please unsubscribe.
Again, I have no knowledge in this area, have never been to the United States, and am not interested in whether you are a Democrat or a Republican. Thank you.
#offtopic
Yet another OpSec tip (a thread):
• https://x.com/officer_cia/status/1823414116918137003?12
• x.com/officer_cia/status/1823413948265242634?1
Please like & RT!
#opsec #security
You can read the full paper here: https://cse.aua.am/files/2024/05/DetectingEthereumMixers.pdf
#research
🧢 gm whitehats 🧢
Continuing with our Glider Q&A Series, this week's question is: How does Glider work?
🎩 Glider at its heart is a code-analysis query engine. It allows developers/researchers to write Glides (queries written in Python).
Each Glide defines a specific set of instructions that the query engine must execute. These instructions specify what Solidity code Glider should look for.
Once a Glide is written, a Glide developer can then submit the query to Glider. Glider first validates that the query syntax is correct. If the syntax is correct, Glider then processes the query instructions and scans the entire Glider database for any Solidity code that matches the query’s specifications.
Once finished, Glider returns the Solidity code results back to the researcher/developer to review in a readable format.
Don't forget to join our Discord for more Glider Resources 💊
Wishing you all a nice weekend 🫡☀
Greetings, friends. I've made the decision to come clean and gradually stop going by the moniker "officercia" and other like nicknames.
I would like to think that I am more than just a nickname and that the main reasons you read my articles and content are because you are interested in them rather than because of my nickname (which happened by accident). My blog, channel, and X/Twitter have all changed names. I'll make sure to modify the nickname tag (with a «@») as soon as I figure out how to do so; the same goes for my github account and other accounts. I'll change my name and make the account more visible for the time being.
There are numerous factors that have inspired me to do this, the most basic of which being personal safety. I was frequently exposed to scrutiny, spying, and unwanted attention, despite my pronounced neutrality and overall mockery of the account.
Apparently, my error was thinking it was humorous. It is not funny. I hope my move is well accepted by you and marks the start of a new era for my blog. Sincerely yours, Vladimir S., also known as Officercia.
• x.com/officer_cia/status/1826758130094547291
#offtopic
Date: 2024-08-22
Bug bounty program was added to Remedy:
DLC Link
🧢 Do you submit a lot of bug reports, but only a few of them ever get escalated to the organization? Finding a valid bug does not always guarantee a bounty, as you still need to back up your findings by submitting high-quality reports.
So we asked Hexens.io's expert triage team to share valuable tips to help you submit better bug reports 👇
✍ A great bug report starts with a clear and concise bug description. Explain exactly what the bug is, provide context about its impact, and why it matters. It sets the stage for understanding the bug from the outset.
Example - LID-2
🖥 If the vector is complex, detail the attack step by step. Lay out each action clearly, enabling anyone to reproduce the issue. This approach shows the exact exploitation method, making assessing and addressing the risk easier.
Example - EIG 14
🛡 A working Proof of Concept (PoC) is essential. Demonstrate the exploit in action using videos, screenshots, or live links (for Web2) and an executable code file for Web3. This validates the bug’s impact and shows it’s not just theoretical but a real-world threat.
Example - MAN1-17
🧩 Add references and links to related CVEs, docs, or external sources. These resources bolster your report’s credibility, offering additional context and helping to compare the issue with known vulnerabilities.
🎯 Use clear and concise language. Avoid jargon and keep your report straightforward. The goal is to communicate effectively with both technical and non-technical team members, ensuring everyone understands the bug and its risks.
🧢 And finally, if the triage team suggests an improvement, or requires more information to properly triage your submission - please make sure you provide all of the necessary info. The team does their best to help you succeed but they cannot do it without your collaboration.
Now get hunting 🪲 There’s a valid bug report waiting to be submitted 💊
Sad but true: x.com/xyz_remedy/status/1824023229683429490?1
#offtopic #audit #bugbounty
🧢 GM whitehats👋
We are starting a Q&A series, where we’ll be addressing your most burning questions regarding Glider - everything from technical to non-technical. This series will be especially useful if you're new here and want to learn more about Glider from 0.
Today, let’s start with the basics: What is Glider IDE?
Glider IDE is a revolutionary research tool that allows developers and researchers to query contracts at scale. Glider allows researchers to query EVM-chain deployed Solidity code for common vulnerabilities, code patterns, and compliance verification to just name a few. Glider IDE provides users several key features that include an embedded editor to write Glides, the ability to run Glides against EVM chains, and view Glider documentation. It is a one-stop shop for researchers interested in finding bugs, collecting statistical data, and developing queries to build implementation standards.
If you have questions you'd like us to address in this series then drop them in the comments or ask them in our Discord
Stay tuned for the next post in the series 👀
officercia.medium.com/they-threatened-to-freeze-me-alive-the-dark-side-of-the-cryonics-an-interview-1dc52d8ebf60
What about SSD? Electromagnetic impulse does not do anything to them, is there a reliable way to kill them without leaving ability to recover anything?
GM frens! 🌞
If you enjoyed yesterday's read 👆 then you're going to love what we have in store for you on our Discord 🚀
Be the first to get all the latest Glider news, Remedy updates, and more. Plus, you'll have a direct line to ask all your questions and learn some insights 👀
See you there 🫡
US elections be like the AVP: Alien vs. Predator movie.
Whoever wins, humanity loses.
#offtopic
For my chat participants: Guild chat has been deleted and I will NOT be creating any additional chat rooms, once again, Guild 3.0 chat has been deleted. This response is for those who write to me saying, "Hey, you banned me in chat." I simply erased the chat, not banning anyone. It might not appear immediately because of a Telegram error.
The only public chat where you can check my account is LobsterDAO. I'm out of all chat rooms and I don't have any personal private groups.
#offtopic
Remedy commits to Web3’s security by providing cutting-edge solutions and services, and we are eager to highlight our partner, LineaBuild.
Projects building on Linea can now quickly launch bug bounty programs and benefit from:
- No commissions and listing fees
- Free triaging during beta (powered by hexens.io security teams)
- One-of-a-kind ZK proof of duplicate
- Access to glide.R.xyz, our flagship technology
Join R.xyz to enhance security across Ethereum!
#audit #web3 #security