Wednesday, May 31, 2023

Web3 Smart Contract And Blockchain Hacking With Python Free Course Section 1

 Below is the full playlist and the outline for Section 1 the Web3 Hacking in Python course.. This is the most in-depth python based web3 material I have seen anywhere online. 

Section 1 is the foundational section of the course using python for web3 that covers the following topics and also assumes that you have already taken my smart contract hacking course from 2020.  


Smart Contract and Blockchain Web3 Hacking in Python: 

Section 1: 

Smart Contract Interactions: 

1.  Simple Smart Contract Interactions

2.  ERC20 Token Interactions

3.  Wallet Interactions

4.  Manual ByteCode Reversing

5.  ByteCode Function BruteForce Automation

6.  Automated Reversing and Disassembly

7.  Transaction Signing

8.  In Depth Manual Smart Contract Interactions

9.  Asynchronous programming to monitor Contract Events


Homework Assignments

1. Uniswap Pair nested Contract Interactions

2. Attacking Smart Contract Pathways Manually with python

3. Analyze Bytecode and Determine what it Interactions


Network Interactions: 

1. Blocks and transaction Filtering and Monitoring

2. Pending Transaction Subscriptions And Network Monitoring

3. Monitoring Smart Contract Mempool Transactions (Uniswap Routers)


Playlist: 

https://www.youtube.com/watch?v=UBK2BoFv6Lo&list=PLCwnLq3tOElrubfUWHa1qKrJv1apO8Aag&index=1

Related links
  1. Hackrf Tools
  2. Free Pentest Tools For Windows
  3. Termux Hacking Tools 2019
  4. Best Hacking Tools 2019
  5. Pentest Tools For Windows
  6. Install Pentest Tools Ubuntu
  7. Best Pentesting Tools 2018
  8. Pentest Tools Apk
  9. Beginner Hacker Tools
  10. Hack Tools For Ubuntu
  11. Nsa Hack Tools Download
  12. Beginner Hacker Tools
  13. Hacking Tools Download
  14. Hackers Toolbox
  15. Hack App
  16. What Are Hacking Tools
  17. Hacker Search Tools
  18. Pentest Tools Website Vulnerability
  19. Hacking Tools Name
  20. Hack Tools Download
  21. Hacking Tools Pc
  22. New Hack Tools
  23. Pentest Tools Download
  24. Hack Tools For Pc
  25. Hacking Tools 2019
  26. Hacker Tools Mac
  27. Hacks And Tools
  28. Hack Tool Apk
  29. Pentest Tools List
  30. Pentest Tools Alternative
  31. Pentest Tools Subdomain
  32. Hack Tools Download
  33. Hack Tools For Games
  34. Github Hacking Tools
  35. Pentest Tools Framework
  36. Hacking Tools For Windows 7
  37. Pentest Tools Online
  38. Pentest Tools Free
  39. Hacking Tools Hardware
  40. Hacker Security Tools
  41. Pentest Tools Android
  42. Hack Tools Pc
  43. World No 1 Hacker Software
  44. Hacking Tools Online
  45. Physical Pentest Tools
  46. Hacker Tools
  47. Hacker Tools Free
  48. Hack Apps
  49. Pentest Tools Bluekeep
  50. Hacking Tools For Pc
  51. Tools Used For Hacking
  52. Hacking Tools Pc
  53. Ethical Hacker Tools
  54. Hack Tools Pc
  55. Hacking Tools Mac
  56. How To Install Pentest Tools In Ubuntu
  57. Hacking Tools 2020
  58. Hack Tools For Ubuntu
  59. Pentest Tools Review
  60. Hacking Tools For Kali Linux
  61. What Is Hacking Tools
  62. Hacking Tools 2020
  63. Beginner Hacker Tools
  64. Pentest Reporting Tools
  65. Ethical Hacker Tools
  66. How To Make Hacking Tools
  67. Tools For Hacker
  68. Hack Tools For Games
  69. Hacking App
  70. Pentest Tools
  71. Pentest Automation Tools
  72. Pentest Tools Online
  73. Underground Hacker Sites
  74. Hack Apps
  75. Hackers Toolbox
  76. Hacker Tool Kit
  77. Hack Tools
  78. Free Pentest Tools For Windows
  79. Hack Apps
  80. Wifi Hacker Tools For Windows
  81. Hacking Tools Online
  82. Hacks And Tools
  83. Install Pentest Tools Ubuntu
  84. Hack App
  85. Pentest Tools Framework
  86. Pentest Tools List
  87. Hack Tools
  88. Hacker Tools
  89. Hacker Tools For Windows
  90. Pentest Tools Windows
  91. Hackers Toolbox
  92. Hacks And Tools
  93. Free Pentest Tools For Windows
  94. Hack And Tools
  95. Hacking Tools 2019
  96. Hack Tools For Games
  97. Underground Hacker Sites
  98. Hacking Tools For Windows Free Download
  99. Ethical Hacker Tools
  100. Hack Tool Apk No Root
  101. Pentest Tools Alternative
  102. Pentest Box Tools Download
  103. Hack Tool Apk
  104. Hacker Tools Hardware
  105. Hack Tools For Games
  106. Hack Apps
  107. Hacking Tools For Windows
  108. Hacker Tools
  109. Hacking Tools Kit
  110. Best Hacking Tools 2019
  111. Hacking Tools Pc
  112. Hack Tools For Games
  113. Pentest Tools Online
  114. Hack Rom Tools
  115. Hacker Tools For Ios
  116. Hack And Tools
  117. How To Install Pentest Tools In Ubuntu
  118. Pentest Automation Tools
  119. Blackhat Hacker Tools
  120. Hack Tool Apk
  121. Pentest Tools Linux
  122. Hackers Toolbox
  123. Hacking Tools Name
  124. Hacker Tools 2020
  125. Hacker Tools Free Download
  126. Hacker Techniques Tools And Incident Handling
at 0 comments

Odysseus


"Odysseus is a tool designed for testing the security of web applications. Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Odysseus will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server." read more...

Download: http://www.bindshell.net/tools/odysseus


Related posts

  1. Hack Tools Github
  2. Free Pentest Tools For Windows
  3. Hacker Tools List
  4. Hacking Tools Usb
  5. Pentest Tools Url Fuzzer
  6. Hacking Tools Windows 10
  7. Hacking Tools Free Download
  8. Tools For Hacker
  9. Hacking Tools Software
  10. Pentest Recon Tools
  11. Pentest Tools For Mac
  12. Bluetooth Hacking Tools Kali
  13. Hacking App
  14. Hack Tools Online
  15. Pentest Tools Website Vulnerability
  16. Hacker Techniques Tools And Incident Handling
  17. Hacker Tools Mac
  18. Best Pentesting Tools 2018
  19. Pentest Recon Tools
  20. Top Pentest Tools
  21. Hacker Tools Hardware
  22. Underground Hacker Sites
  23. How To Install Pentest Tools In Ubuntu
  24. How To Make Hacking Tools
  25. Tools 4 Hack
  26. Easy Hack Tools
  27. Hacker Tools Apk
  28. Pentest Tools Linux
  29. How To Make Hacking Tools
  30. What Are Hacking Tools
  31. Growth Hacker Tools
  32. Pentest Tools Linux
  33. Hacking Tools Online
  34. Hacker Tools Hardware
  35. Nsa Hacker Tools
  36. Hacking Tools Online
  37. Pentest Tools For Ubuntu
  38. Top Pentest Tools
  39. Hacking Tools And Software
  40. Hacker Tools List
  41. Usb Pentest Tools
  42. Pentest Tools Apk
  43. Hacking Tools Github
  44. Hackers Toolbox
  45. Tools For Hacker
  46. Hack Tools For Windows
  47. Hacking Tools Name
  48. Termux Hacking Tools 2019
  49. Pentest Tools Nmap
  50. Hacking Tools Name
  51. Hacker Tools Free
  52. Hack Tools Download
  53. Hacking Tools For Beginners
  54. Usb Pentest Tools
  55. Hacker Techniques Tools And Incident Handling
  56. Pentest Recon Tools
  57. Hacker Search Tools
  58. Pentest Tools List
  59. Hacking Tools 2020
  60. Best Hacking Tools 2019
  61. How To Install Pentest Tools In Ubuntu
  62. Pentest Reporting Tools
  63. Hacking Tools Free Download
  64. Nsa Hack Tools
  65. Hacker Tools Online
  66. Hacker Tools Free Download
  67. Hacker Tools Windows
  68. What Is Hacking Tools
  69. How To Install Pentest Tools In Ubuntu
  70. Hacking Tools For Windows
  71. Hacker Tools Free
  72. Hacker Tools For Mac
  73. Hacking Tools For Windows Free Download
  74. Computer Hacker
  75. Pentest Tools
  76. Pentest Reporting Tools
  77. Hacking Tools For Windows 7
  78. Hacker Tools 2020
  79. Pentest Tools Apk
  80. Hack Tools Online
  81. Hack Tools Pc
  82. Hacking Tools Usb
  83. Pentest Tools Framework
  84. Hacker Tools For Windows
  85. Pentest Tools Android
  86. Hacker Tools Online
  87. Hacker Tools 2019
  88. Pentest Box Tools Download
  89. Pentest Tools Port Scanner
  90. Hack Tools
  91. Pentest Tools Windows
  92. Hacker Tools Free Download
  93. Pentest Tools Android
  94. Hacker Tools 2020
  95. Hacker Tools Mac
  96. Hacker
  97. Hack Apps
  98. Hacker Tools
  99. Pentest Tools Download
  100. Pentest Tools Kali Linux
  101. Hacker Techniques Tools And Incident Handling
  102. Pentest Tools
  103. Android Hack Tools Github
  104. Best Hacking Tools 2020
  105. Underground Hacker Sites
  106. Physical Pentest Tools
  107. Pentest Tools Url Fuzzer
  108. Hack Tools 2019
  109. Pentest Tools Android
  110. Pentest Box Tools Download
  111. Hacking Tools Name
  112. Hacking Tools Pc
  113. How To Hack
  114. Hacker Tools Hardware
  115. Hacking Tools Download
  116. Nsa Hack Tools
  117. Hacker Search Tools
  118. Beginner Hacker Tools
  119. Hacker Tools Github
  120. Hacker Techniques Tools And Incident Handling
  121. Pentest Tools Kali Linux
  122. Best Pentesting Tools 2018
  123. New Hack Tools
  124. Hack Rom Tools
  125. Hacker Tools Github
  126. Pentest Tools Online
  127. Hackrf Tools
  128. Hack App
  129. Bluetooth Hacking Tools Kali
  130. Underground Hacker Sites
  131. Install Pentest Tools Ubuntu
  132. Black Hat Hacker Tools
  133. Hacking Tools Github
  134. Pentest Tools Open Source
  135. What Are Hacking Tools
  136. Tools Used For Hacking
  137. Tools For Hacker
  138. How To Make Hacking Tools
  139. Tools Used For Hacking
  140. Hacker Tools For Mac
  141. Hacker Tools Windows
  142. Hacking Tools For Kali Linux
  143. Hacking Tools Mac
  144. Hack App
  145. Pentest Tools
  146. Hacker Search Tools
  147. Hacking Tools Download
  148. Hacker Techniques Tools And Incident Handling
  149. Hacking Tools
  150. Easy Hack Tools
  151. Hacker Tools For Ios
  152. Hack Website Online Tool
  153. Tools 4 Hack
  154. Hacking Tools Name
  155. Hacker Tools For Mac
  156. Hack Tool Apk No Root
  157. Pentest Tools Open Source
  158. Hak5 Tools
  159. Android Hack Tools Github
  160. Hacker Tools Mac
  161. Pentest Tools Url Fuzzer
  162. Pentest Tools For Mac
  163. Hack Tools 2019
  164. Tools For Hacker
  165. Blackhat Hacker Tools
  166. Pentest Tools Url Fuzzer
  167. Bluetooth Hacking Tools Kali
  168. Hacking Tools For Beginners
  169. Github Hacking Tools
  170. Hacking Tools Software
  171. Pentest Tools Android
at 0 comments

Stop Using MD-5, Now!

TL;DR: Don't use MD-5 to identify malware samples. Believe me, it is a bad idea. Use SHA-256 or a stronger hash function.

This post is dedicated to all malware researchers, still using MD-5 to identify malware samples.

Before deep-diving into the details, let me explain my view on this topic. Whenever you want to identify a malware, it is only OK to publish the MD-5 hash of the malware if you post at least the SHA-256 hash of the malware as well. Publishing only the MD-5 hash is unprofessional. If you want to understand why, please continue reading. If you know about the problem, but want to help me spread the word, please link to my site www.stopusingmd5now.com.

By writing articles/posts/etc. and publishing the MD-5 hash only, it is the lesser problem that you show people your incompetency about hash functions, but you also teach other people to use MD-5. And it spreads like a disease... Last but not least, if I find a sample on your blog post, and you use MD-5 only, I can't be sure we have the same sample.

Here is a list to name a few bad examples (order is in Google search rank order):


Introduction to (cryptographic) hash functions

A long time ago (according to some sources since 1970) people started designing hash functions, for an awful lot of different reasons. It can be used for file integrity verification, password verification, pseudo-random generation, etc. But one of the most important properties of a cryptographic hash function is that it can "uniquely" identify a block of data with a small, fixed bit string. E.g., malware can be identified by using only the hash itself, so everybody who has the same malware sample will have the same hash; thus they can refer to the malware by the hash itself.

It is easy to conclude that there will always be collisions, where a different block of data has the same result hashes. The domain (block of data) is infinite, while the codomain (possible hash values) is finite. The question is how easy it is to find two different blocks of data, having the same hash. Mathematicians call this property "collision resistance." Proper cryptographic hash functions are collision-resistant, meaning it is impractical or impossible to find two different blocks of data, which have the same hash.

In 1989 Ronald Rivest (the first letter in the abbreviation of the RSA algorithm) designed the MD-2 hashing algorithm. Since 1997 there are publications about that this hashing algorithm is far from perfect.

In 1990 Ronald Rivest designed the MD-4 algorithm, which is considered as broken at least from 1991. But MD-4 is still in use from Windows XP until Windows 8 in the password protocol (NTLM). Unfortunately, there are more significant problems with NTLM besides using MD-4, but this can be the topic of a different blog post.

In 1991 (you might guess who) designed yet another hashing algorithm called MD-5, to replace MD-4  (because of the known weaknesses). But again, in from 1993 it has been shown many times that MD-5 is broken as well. According to Wikipedia, "On 18 March 2006, Klima published an algorithm [17] that can find a collision within one minute on a single notebook computer, using a method he calls tunneling". This means, that with the 8 years old computing power of a single notebook one can create two different files having the same MD-5 hash. But the algorithms to generate collisions have been improved since, and "a 2013 attack by Xie Tao, Fanbao Liu, and Dengguo Feng breaks MD-5 collision resistance in 2^18 time. This attack runs in less than a second on a regular computer." The key takeaway here is that it is pretty damn hard to design a secure cryptographic hash function, which is fast, but still safe. I bet that if I would develop a hash function, Ron would be able to hack it in minutes.

Now, dear malware researcher, consider the following scenario. You as, a malware analyst, find a new binary sample. You calculate the MD-5 hash of the malware, and Google for that hash. You see this hash value on other malware researchers or on a sandbox/vendor's site. This site concludes that this sample does this or that, and is either malicious or not. Either because the site is also relying solely on MD-5 or because you have only checked the MD-5 and the researcher or sandbox has a good reputation, you move on and forget this binary. But in reality, it is possible that your binary is totally different than the one analyzed by others. The results of this mistake can scale from nothing to catastrophic.

If you don't believe me, just check the hello.exe and erase.exe on this site from Peter Sellinger. Same MD-5, different binaries; a harmless and a (fake) malicious one... And you can do the same easily at home. No supercomputers,  no NSA magic needed.

On a side-note, it is important to mention that even today it can be hard to find a block of data (in generic), if only the MD-5 hash is known ("pre image resistance"). I have heard people arguing this when I told them using MD-5 as a password hash function is a bad idea. The main problem with MD-5 as a password hash is not the weaknesses in MD-5 itself, but the lack of salt, lack of iterations, and lack of memory hardness. But still, I don't see any reason why you should use MD-5 as a building block for anything, which has anything to do with security. Would you use a car to drive your children to the school, which car has not been maintained in the last 23 year? If your answer is yes, you should neither have children nor a job in IT SEC.

Conclusion

If you are a malware researcher, and used MD-5 only to identify malware samples in the past, I suggest to write it down 1000 times: "I promise I won't use MD-5 to identify malware in the future."

I even made a website dedicated to this problem, www.stopusingmd5now.com . The next time you see a post/article/whatever where malware is identified by the MD-5 hash only, please link to this blog post or website, and the world will be a better and more professional place.


PS: If you are a forensics investigator, or software developer developing software used in forensics, the same applies to you.
PS 2: If you find this post too provocative and harsh, there is a reason for this ...

Update: I have modified two malware (Citadel, Atrax) with the help of HashClash, and now those have the same MD-5. Many thanks for Marc Stevens for his research, publishing his code, and help given during the collision finding.

Read more


at 0 comments

Tuesday, May 30, 2023

TYPES OF HACKING

Types of hacking?
We can segregate hacking into different categories, based on what being hacked. Here is a set of examples-

 1-Website Hacking- Hacking a website means taking unauthorized control over a web server and its associated software such as databases and other interfaces.

 2-Network Hacking-Hacking a network means gathering information about a network by using tool like Telnet, Nslookup, Ping, Tracert, Netstat etc with the intent to harm the network system and hamper its operation.

 3-Email Hacking-It includes getting unauthorized access on an Email account and using it without taking the permission of the owner.

 4-Ethical Hacking-It involves finding weakness in a computer or network system for testing purpose and finally getting them fixed.

5-Password Hacking-This is the process of recovering secret password from data that has been stored in or transmitted by a computer system.

 6-Computer Hacking-This is the process of stealing computer ID & Passwords by applying hacking methods and getting unauthorized access to a computer system.

Related articles


at 0 comments
Subscribe to: Posts (Atom)