Since joining CertiK as a Security Engineer, my articles(write-ups, vulnerability analysis, etc) are now posted on CertiK’s website and medium. I also regularly attend conferences and meetups, where I present talks and share insights from my research and expertise.

Talks

DEFCON 32 AppSec Village: Web2 Meets Web3 – Hacking Decentralized Applications

https://www.certik.com/resources/blog/web2-meets-web3-hacking-decentralized-applications

https://x.com/wisp_fly/status/1822126402994671809

================================================================

DEFCON 29 BlockChain Village: Evils in the DeFi world(Rugpulls and scams)

https://docs.google.com/presentation/d/1jg_OyIiqinmD1Sdd7Mja5RHtdKn_i1dGfSuv9uik2S4/edit#slide=id.ge53a73c461_0_1094

================================================================

Security workshop with Binance Smart Chain: Understanding Security Risks in DeFi

https://www.youtube.com/watch?v=ErvOqJZB5lU&t=172s

================================================================

Security risks in DeFi(Guest speaker for the Blockchain Cyberdefense Design Challenge at Columbia University)

https://docs.google.com/presentation/d/1x8iAy-Hind7wAiUkTWSe_FG9VpWPFOXAbiR2hIwNqzc/edit?usp=sharing

================================================================

DEFCON 28 BlockChain Village: Exploit Insecure Crypto Wallet

https://www.youtube.com/watch?v=oJaNiXVvE88

================================================================

Articles

Web2 Meets Web3: Hacking Decentralized Applications

https://www.certik.com/resources/blog/web2-meets-web3-hacking-decentralized-applications

================================================================

Exploring the BRC-20 Token Standard: An Introduction

https://www.certik.com/resources/blog/39SZlEG2530iKwhA8Bcnfj-exploring-the-brc-20-token-standard-an-introduction

================================================================

2022 Year in Review – Crypto Wallet Security Incidents

https://www.certik.com/resources/blog/01iz10lvnaAIcuNZ2zNJqA-2022-year-in-review-crypto-wallet-security-incidents

================================================================

Upgradeable Proxy Contract Security Best Practices

https://www.certik.com/resources/blog/FnfYrOCsy3MG9s9gixfbJ-upgradeable-proxy-contract-security-best-practices

================================================================

Uranium Finance Exploit – Technical Analysis

https://www.shentu.technology/blog/uranium-finance-exploit-technical-analysis

================================================================

Crypto Wallet Security Assessment Checklist

https://certik-io.medium.com/crypto-wallet-security-assessment-checklist-a977e3e80b99

================================================================

Blockchain explorer Denial-of-Service (DoS) attacks

https://www.certik.com/resources/blog/is-your-blockchain-safe-from-denial-of-service-dos-attacks

================================================================

CVE-2020–5902 Analysis, F5 BIG-IP RCE vulnerability

https://medium.com/certik/cve-2020-5902-analysis-f5-big-ip-rce-vulnerability-3a3ae6278128

================================================================

Bug bounty write up: remote code execution in Electron desktop crypto wallet.

https://medium.com/certik/vulnerability-in-electron-based-application-unintentionally-giving-malicious-code-room-to-run-e2e1447d01b8

================================================================

Bancor smart contract vulnerability analysis

https://medium.com/certik/bancor-bug-analysis-a-thousand-ways-to-die-smart-contract-function-call-error-d6303c09a7cc

================================================================

Exploit SSRF in Cors-Anywhere

https://medium.com/certik/cors-anywhere-the-dangers-of-misconfigured-third-party-software-df232aae144c