devconnect arg / how to infiltrate a web3 project the hitchhikers guide for aspiring black hats
- YouTube
- Details
How to Infiltrate a Web3 Project: The Hitchhikers Guide for Aspiring Black Hats!
Duration: 00:04:19
Speaker:
Type: Talk
Expertise:
Event: Devcon
Date: Feb 2026
Dr. Jan Philipp Fritsche, Managing Director, Oak Security
Exploits of Web3 projects are increasingly targeting the human threat vector. In this humorous but educational talk we explore the operational security risks project face from the attacker's viewpoint.
https://defisecuritysummit.org/schedule
- Related
Devconnect
Talk
05:05
AI and the Future of On-Chain Trust & Safety: Building Security Detection at Scale for Web3
Rodrigo Lajous, Staff Software Engineer, Webacy DeFi faces evolving risks in both security and trading domains, including fake tokens, rug-pulls, hidden taxes, bundling, sniper bots, address poisoning, and illicit fund flows. This talk introduces state-of-the-art detection techniques built on scalable machine learning and blockchain/financial analytics. https://defisecuritysummit.org/schedule
Devconnect
Talk
20:33
AI Changing the Security Game
Pablo Misirov, Solutions Engineer, Spearbit Artificial Intelligence is no longer a peripheral tool in cybersecurity, it is rapidly becoming the central nervous system for both defensive and offensive operations. In this talk I will explore with the audience practical applications of using AI driven workflows and agents in web3 security. https://defisecuritysummit.org/schedule
Devconnect
Talk
05:48
AI in Bug Reports: When to Use LLMs and When Not To
Alejandro Munoz-McDonald, Security Researcher & Triage Lead, Immunefi Large Language Models are quickly becoming part of the security researcher’s toolkit, but their value in bug bounty reporting is often misunderstood. While LLMs can speed up writing, clarify technical explanations, and even help spot inconsistencies, they can just as easily generate noise, false positives, or overconfident nonsense that wastes everyone’s time. This talk explores where AI can genuinely improve the quality and clarity of bug reports and where it actively hurts both researchers and triage teams. https://defisecuritysummit.org/schedule
Devconnect
Talk
06:09
Auditing with Machines: A Practical Exploration of AI-Augmented Security Work
Ionut-Viorel Gingu, Blockchain Security Researcher, OpenZeppelin As the complexity of smart contract security work grows, auditors face increasing pressure to scale both the depth and breadth of their analysis. Recent advances in AI-powered tools promise to augment human expertise by automating low-level tasks, accelerating trace analysis, uncovering novel patterns in transaction flows or simply raising attack vectors and security risks. In this talk, I will present ways in which artificial intelligence can be leveraged to increase the speed, quality and completeness of an audit. https://defisecuritysummit.org/schedule
Devconnect
Talk
05:01
Beyond “Just Read the Code”: Auditing Strategies & Tactics
Nisedo, Blockchain Security Engineer, Trail of Bits Saying top auditors “just read the code” is like saying Michael Phelps just swims, or Usain Bolt just runs. This talk breaks down exactly how the best audit: auditing strategies, tactics, and how to find bugs others miss. https://defisecuritysummit.org/schedule
Devconnect
Talk
05:42
Beyond the Audit: Building an Always-On Security Culture for Web3
Dan Berbec, Head of BD, Sherlock Audits are checkpoints, not finish lines. Learn a simple, always-on security model: embed security in dev, use AI, audits, fuzzing, formal methods, contests and bounties—what each catches, when to use them, and how to measure progress. https://defisecuritysummit.org/schedule
Devconnect
Talk
22:22
Beyond the Cron Job: Eliminating Single Points of Failure With Automation
Facu Spagnuolo, CTO, Mimic Most protocols rely on a cron job triggering transactions from a server for critical transactions. We explore vulnerabilities and present a resilient, decentralized execution architecture to avoid single points of failure on the server side. https://defisecuritysummit.org/schedule
Devconnect
Talk
05:33
Beyond the PDF: Building the Data Layer for On-Chain Trust
Bilel Seddik, CGO, Trustblock Web3 security is trapped in static PDFs. This talk unveils how aggregating data from 60+ audit firms into a live oracle creates a composable, verifiable trust layer for the entire ecosystem, moving security from a snapshot to a real-time state. https://defisecuritysummit.org/schedule
Devconnect
Talk
05:18
Building a Solid Mindset for Auditing Move Contracts | DeFi Security Summit 2025
Move reduces common bugs, yet incidents reveal familiar risks and Move-specific pitfalls. This talk catalogs attack patterns and builds a solid audit mindset especially in consideration to the Move language—for safer DeFi on Aptos/Sui. About DSS DeFi Security Summit brings together hackers, protocol builders, and tool providers who are interested in technologies and disciplines to make blockchain applications safer. Since launching in 2025, DSS has already held four successful editions across the US, France, Thailand, and Argentina. https://defisecuritysummit.org
Devconnect
Talk
05:26
Common DeFi Invariants Every Protocol Must Respect
Anton Permenev, Security Engineer, ChainSecuirty When kicking off a review, fuzzing, or formal verification campaign on a new DeFi project, the hardest part is often deciding what invariants to check. Deep, protocol-specific properties usually require a full understanding of the code, but you don't need to wait for that. This talk introduces a set of simple, universal “day-1 invariants” that apply to nearly every protocol. https://defisecuritysummit.org/schedule