braindump, web3

Vacation Traditions

I enjoy getting lost in work. I mean, really enjoy it. I forget to eat and sleep, especially when developing software. There is something addicting about building an MVP as fast as possible, finding the perfect architecture, refactoring your previous hacks, and eventually making your code observable and running smoothly. Whenever I take a vacation,… Continue reading Vacation Traditions


Honest Attempts to Secure an Ecosystem

I have used my off-time from audits in the past months to write more about security. Especially in a nascent ecosystem like Ethereum still is, the most considerable impact can be delivered by educating people. Education has to happen in different modes of complexity, depending on the target audience: Developers must be educated on how… Continue reading Honest Attempts to Secure an Ecosystem


HackTheBox Registry Write-up

Registry is a box rated at hard difficulty. There are quite a few steps involved, but with a bit of persistence and little experience with Docker internals (hint hint), it looks more daunting than it actually is. Let's go through the process of breaking in step by step! Out initial nmap scan is as unexciting… Continue reading HackTheBox Registry Write-up


HackTheBox Fuzzy Write-up

Fuzzy is a fun and short challenge on a docker container. It is especially good for teaching beginners the basics of using a fuzzer to discover new endpoints on a webserver. Spawning the container and probing around a bit, we don't have too much success. Using dirbuster and a standard wordlist, we find the endpoint… Continue reading HackTheBox Fuzzy Write-up


Construct Truffle Artifact Source Lists

Photo by Andrea Piacquadio from Pexels This is a quick and dirty workaround for an issue that has been bugging me a lot. Truffle is one of the central, if not the most central development tool for building smart contracts on Ethereum to date. When compiling a Truffle project, the output is stored in build/contracts by default. An… Continue reading Construct Truffle Artifact Source Lists


HackTheBox Postman Write-up

Postman was an easy-going box. It required careful enumeration and beyond that did not have too much resistance in privilege escalation. This makes it a prime example for real-world M&M security where the initial foothold is hard, but there is few resistance on the inside. Let's start out by scanning the machine: # nmap -sS… Continue reading HackTheBox Postman Write-up


The Web3 API has come to Python!

Last week I received an email in my inbox about a hackathon hosted by the awesome folks over at Amberdata. They are a provider for on-chain data and cover a large variety of blockchains - including Ethereum, Bitcoin, and Stellar. I have met the developers in the team in late 2018 when I was looking… Continue reading The Web3 API has come to Python!


The 36C3 Telnet Challenge (a.k.a. Cat CTF)

This is a write-up from the 36th Chaos Communication Congress, 2019. It has been my fourth Congress. Timed shortly after Christmas, it feels like meeting a second kind of family after the holidays. Hackers from all over the world gather in Leipzig to celebrate the weirdness of our community, break technology, learn new things, and… Continue reading The 36C3 Telnet Challenge (a.k.a. Cat CTF)