Overview
Syllabus
Intro
Speaker background
My introduction to cryptocurrency
Blind XSS and Internal Privilege E
Blind XSS on Wyre leads to full KYC
In 2022, who owns your crypto?
SQL injection on Vulcan Forged lead Key and API Key Disclosure
Introduction of the Ethereum and Defi ecosyste
Full Account Takeover on Vercel via
UXSS on nux/image library via improper parsing
Universal Open Redirect on Next.js
UXSS via Reverse Proxy loading Unrestricted
UXSS via Reverse Proxy loading Up
Instapage XSS and Subdomain Take
Improper Host Whitelisting on Gitbook
Remote Code Execution leads to AWS compromise of 150mm market-cap stablecoin
Full Takeover of .TO TLD leads to Compromise of USDT provisioning ser
Full Account Takeover on Crypteriun
Full Account Takeover on Roll
Final thoughts
Taught by
NahamSec