devcon 7 / defcon at devcon a table top experience
- YouTube
- Details
Defcon at Devcon: A table top experience
Duration: 01:59:53
Speaker: Heidi Wilder, Peter Kacherginsky
Type: Workshop
Expertise: Intermediate
Event: Devcon
Date: Nov 2024
It's 3am and your phone is blowing up—Telegram, Signal, Discord, X—all are saying your project just got rekt. Your team is panicking and begging you to sign off on a quick protocol upgrade. What do you do?
Join our workshop to get hands-on with crisis management in web3. Learn to handle attacks, keep cool under pressure, and manage your stakeholders. By the end, you'll turn this crisis into manageable challenges, protect your project, and keep building.
- Related
Devcon
Talk
27:41
Rug Life: Using Blockchain Analytics to Detect Illicit Activity, Track Stolen Funds, and Stay Safe
Learn how to use blockchain analytics to identify and protect yourself from the latest rugs, hacks, and scams. The purpose of this talk is to discuss: - How to (automatically) identify illicit activity on the blockchain - Typologies of the latest rugs, hacks, and scams - Tracing where funds from a latest rug/hack/scam have gone - How to protect yourself as a dev
Devcon
Talk
Lazarus! How to stay safe from the biggest threat actor in crypto
Lazarus has stolen by far the most funds in the blockchain space. They use the same or very similar attack vectors every time yet we see the biggest crypto companies falling victim to them one after another. In this talk, i'll go over some of the attack vectors used by Lazarus and how people can keep themselves safe from Lazarus.
Devcon
Talk
From Web2 Security With Love
Web3 organizations often rely on Web2 for infrastructure, communications, and development, yet their Web2 security posture is often neglected. This leaves them vulnerable to a wide range of adversaries, from well-funded sophisticated attackers to opportunistic script kiddies. In this talk,Joe Dobson will share hard-earned lessons from the Web2 trenches that can help secure Web3.Don’t make it easy for the adversary. Learn from the past: strengthen your Web2 security to safeguard your Web3 future.
Devcon
Talk
25:40
What don't we know? Understanding Security Vulnerabilities in SNARKs
Zero-knowledge proofs (ZKPs) have evolved from being a theoretical concept providing privacy and verifiability to having practical, real-world implementations, with SNARKs (Succinct Non-Interactive Argument of Knowledge) emerging as one of the most significant innovations. Prior work has mainly focused on designing more efficient SNARK systems and providing security proofs for them. Many think of SNARKs as "just math," implying that what is proven to be correct and secure is correct in practice.
Devcon
Lightning Talk
09:02
OpSec for the Dark Forest (or how to avoid getting rekt)
We will focus on the most important things you need to do to have a good OpSec to survive in the Crypto Dark Forest. I will cover: computer, mobile phone, email, telegram, social media, phone numbers, password managers and 2FA strategy, security software & social engineering. This is based on many years of experience and in the cases we see daily on SEAL 911.
Devcon
Lightning Talk
Can we formally verify implementations of cryptographic libraries like the c-kzg library?
In this talk, we present our work on formally verifying the implementation of a cryptographic library key to the security of the Ethereum Data Availability layer: the c-kzg library. We will explore what we have been able to prove so far and what is ahead of us.
Devcon
Lightning Talk
09:18
Evolution of Scams
The goal of this talk will be to give a quick history of the evolution of scams and the new techniques employed to combat them. I was previously the co-founder of Wallet Guard, which has since been acquired by Consensys. I now am responsible for the research and development of the security engine employed by MetaMask to protect its users.
Devcon
Talk
26:28
hevm or: How I Learned to Stop Worrying and Love the Symbolic Execution
hevm is a symbolic execution engine for the EVM that can prove safety properties for EVM bytecode or verify semantic equivalence between two bytecode objects. It exposes a user-friendly API in Solidity that allows you to define symbolic tests using almost exactly the same syntax as usual unit tests. In this talk, we'll present hevm, what it's useful for, and when and how to use it to help secure your digital contracts.
Devcon
Lightning Talk
05:34
Merkle Proofs: When Leaves Leave You Vulnerable
A Merkle proof is a cryptographically authenticated data structure widely used to minimize on-chain data storage. The Merkle algorithm is neat yet non-trivial to implement correctly and securely; its leaves may leave you vulnerable if not handled properly.
Devcon
Lightning Talk
07:38
Transaction simulation, the good, the bad & the ugly
Transaction simulation allows users to preview the outcomes of signing a transaction, enabling them to make informed decisions rather than fully trusting the dApp. However, several caveats and risks are associated with relying on simulated transaction outcomes. State changes, differing contract behavior between simulation and on-chain execution, and randomness can all affect the outcome. In this talk, I'll share my experiences and learnings from simulating user transactions over the past 2 years