Links To My Recent Articles and Talk

Talks

DEFCON 28 BlockChain Village: Exploit Insecure Crypto Wallet

https://www.youtube.com/watch?v=oJaNiXVvE88

================================================================

Security workshop with Binance Smart Chain: Understanding Security Risks in DeFi

https://www.youtube.com/watch?v=ErvOqJZB5lU&t=172s

================================================================

DEFCON 29 BlockChain Village: Evils in the DeFi world

https://docs.google.com/presentation/d/1jg_OyIiqinmD1Sdd7Mja5RHtdKn_i1dGfSuv9uik2S4/edit#slide=id.ge53a73c461_0_1094

================================================================

Articles

After I join CertiK as a Security Engineer, my articles(write-ups, vulnerability analysis, etc) post under CertiK’s website and medium. Here is a list of them:

Uranium Finance Exploit – Technical Analysis

https://www.certik.org/blog/uranium-finance-exploit-technical-analysis

================================================================

Crypto Wallet Security Assessment Checklist

https://certik-io.medium.com/crypto-wallet-security-assessment-checklist-a977e3e80b99

================================================================

Blockchain explorer Denial-of-Service (DoS) attacks

https://certik.io/blog/technology/is-your-blockchain-safe-from-denial-of-service-dos-attacks/#home

================================================================

CVE-2020–5902 Analysis, F5 BIG-IP RCE vulnerability

https://medium.com/certik/cve-2020-5902-analysis-f5-big-ip-rce-vulnerability-3a3ae6278128

================================================================

Bug bounty write up: remote code execution in Electron desktop crypto wallet.

https://medium.com/certik/vulnerability-in-electron-based-application-unintentionally-giving-malicious-code-room-to-run-e2e1447d01b8

================================================================

Bancor smart contract vulnerability analysis

https://medium.com/certik/bancor-bug-analysis-a-thousand-ways-to-die-smart-contract-function-call-error-d6303c09a7cc

================================================================

Exploit SSRF in Cors-Anywhere

https://medium.com/certik/cors-anywhere-the-dangers-of-misconfigured-third-party-software-df232aae144c