Sunday, September 8, 2024

Real World Social Engineering Part 2: Integrating SE With Stealth Badge Readers Tips and Tricks

 Below is a video on using stealth readers with social engineering to gain access to physical targets on your penetration tests..   This is all based off real world engagements and actual use.. Not theory.. 

Cheers and keep hacking...  

Twitter:   https://x.com/ficti0n

Need A Penetration Test or a Covert Access Engagement / Physical Audit? 

CC Labs:  https://cclabs.io / https://consolecowboys.com




Monday, January 22, 2024

Learning Binary Ninja For Reverse Engineering and Scripting

 Recently added a new playlist with about 1.5 hours of Binary Ninja Content so far..   

Video 1: I put this out a couple months ago covering use cases and reversing flows as well as some basic scripting.. 


Videos 2+3 in the playlist start getting specifically into scripting for reversing automation.. Enjoy.. 


@Ficti0n on twitter..   


Video 1 UI Workflows and Scripting:



Video 2: Scripting Part1 


Video 3: Scripting Part 2



Wednesday, December 27, 2023

Real World Social Engineering - Turning life into a Penetration Test or one Hell of an Adventure

In this video you will learn all the things they never told on how to become a badass social engineer..  Instead of wasting time learning sneaky tactics to "Engineer" the outcome.. We focus on the part which is always left out when teaching social engineering..  the "Social" part..  

With the social part working correctly, the engineering part becomes seamless and easy to pull off without feeling forced. 




Monday, March 27, 2023

New Consulting Series Financial Statement Workshop

 I added a new video to the consulting series playlist today... This is for creating and managing your personal financial statements,  your budgeting of income/expenses from various sources and how to allocate those automatically to investments to build and track over time.... 

If you learn something.. Like and leave a comment...   Cheers... 




Tuesday, March 21, 2023

Web3 Smart Contract and Blockchain Hacking with Python Free Course Section 1

 Below is the full playlist and the outline for Section 1 the Web3 Hacking in Python course.. This is the most in-depth python based web3 material I have seen anywhere online. 

Section 1 is the foundational section of the course using python for web3 that covers the following topics and also assumes that you have already taken my smart contract hacking course from 2020.  


Smart Contract and Blockchain Web3 Hacking in Python: 

Section 1: 

Smart Contract Interactions: 

1.  Simple Smart Contract Interactions

2.  ERC20 Token Interactions

3.  Wallet Interactions

4.  Manual ByteCode Reversing

5.  ByteCode Function BruteForce Automation

6.  Automated Reversing and Disassembly

7.  Transaction Signing

8.  In Depth Manual Smart Contract Interactions

9.  Asynchronous programming to monitor Contract Events


Homework Assignments

1. Uniswap Pair nested Contract Interactions

2. Attacking Smart Contract Pathways Manually with python

3. Analyze Bytecode and Determine what it Interactions


Network Interactions: 

1. Blocks and transaction Filtering and Monitoring

2. Pending Transaction Subscriptions And Network Monitoring

3. Monitoring Smart Contract Mempool Transactions (Uniswap Routers)


Playlist: 

https://www.youtube.com/watch?v=UBK2BoFv6Lo&list=PLCwnLq3tOElrubfUWHa1qKrJv1apO8Aag&index=1

Thursday, February 23, 2023

Blockchain Decentralized Application Hacking Course Part 2 - A Continuation into Smart Contract Hacking and DApp Penetration Testing (Web 3) With Python

New Course Announcement:  
Python  Based Blockchain Hacking, Smart Contract exploitation and Automation


Twitter: https://twitter.com/ficti0n
Website: http://cclabs.io

This is the course announcement for part 2 of our smart contract hacking journey, this time we are going to pick up where we left off leveraging frameworks, automation, other tools.. Starting out learning all the ways to interact with things programmatically with python... Then automate it, attack it, and get into all kinds of other things you have not seen before...  

Note:  This is NOT a re-hash of old material, NOR is it an update of the previous course.. This is all new material and the old course stands on its own as a Pre-Requisite to this course..  Also requiring knowledge of basic python scripting to follow along... 

This course has 3 sections:

  1. Web3.py in depth, Manual attacks and interactions
  2. Automation, Frameworks, Fun things and Automated Attacks
  3. Forensics and DEFI Attacks, Blockchain IDS and information gathering


Here is the Course intro Overview Outline: 


Here is the Overview of Section 1 which is in depth Web3.py basics: 




Other Videos to follow... 

To keep up to date follow the following playlist and follow on twitter: 

https://www.youtube.com/playlist?list=PLCwnLq3tOElrubfUWHa1qKrJv1apO8Aag

Tuesday, August 23, 2022

Blockchain Forensics R&D with Python - Tracking Attackers, Etherscan API Usage, Python Coding, Signature Lookups and Decompiling bytecode

 Added a new playlist over the last few weeks, its up to about 8 videos now which starts out writing code to monitor attackers address changes on the blockchain followed by using EtherScan API's to track some movements and make sense of things with a few other learning points along the way...   

There is one pre-requisite video however which is where this series came from which is another video I created where we took apart a smart contract from a YouTube scam to find the attackers malicious code, so review that first below: 

Twitter: @ficti0n
Web: http://cclabs.io/


If you learn something from this blog/video consider sharing it on your social media or retweeting my posts.


Here is the Pre-Requisite Video to this series Which does a smart contract audit of a malicious front running bot: 



Here is the new playlist series which digs into tracking this attacker: 


Link to full Playlist since blogger is not letting me embed the playlist: 
https://www.youtube.com/playlist?list=PLCwnLq3tOElrUdIg4LgdhPhCKAiy7NZYA




Intro to the playlist: 


 

Real World Social Engineering Part 2: Integrating SE With Stealth Badge Readers Tips and Tricks

 Below is a video on using stealth readers with social engineering to gain access to physical targets on your penetration tests..   This is ...