Web3 + Scams = It’s a Match!

Date: August 26, 2022

Time: 10:30

Track: CommSec Track

In 2022, there is rarely a week without a stolen JPEG worth 100K USD, yet most consumer-grade endpoint protection does not even know what a dApp looks like. Even ITSEC people do not understand or agree on what a dApp looks like or even what Web3 is.

Most cryptocurrency-related scams are not sophisticated, yet they are paramount due to the damage they can cause. While researching the magical world of crypto scams, I have identified at least 35 different types of these scams. These can be cheap replicas from the “pre-Web3” world. Others are novel and specific to Web3 and smart contracts. Pump and dump or rug pull are not unknown, but proof of weak hands or NFT airdrop scams are the products of the new Web3 world order.

Warning: this research includes blockchain mumbo jumbo, but I will turn down the hype factor.

Speakers

Head of Vulnerability Research

CUJO AI

Zoltan (@zh4ck) is the Head of Vulnerability Research at CUJO AI, a company focusing on home IoT Security. Before joining CUJO AI he worked as a CTO for an AV tester company, an IT Security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes.
He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ~600 000 cameras. He has been invited to give presentations at information security conferences worldwide including DEF CON, SyScan360, SAS2018, Virusbulletin, Disobey, Deepsec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking. Proud OSCE
