REPTILEHAUS at Hacktivity Budapest ’18
Having attended tons of blockchain and crypto related conferences all over the world I thought it was about time to visit a hacking conference.
During the Summertime of 2018 I was invited to a private soiree in Berlin by dr.-ing. Mario Heiderich, of Berlin based penetration testing firm Cure53, which was a fantastic event and a great time to network and put faces to what had up until this point been known to myself by their Twitter names – This was my first un/official hacking conference that I attended and I thought it was time to change that so when I saw that there was a conference happening in Budapest that claims to be “The IT Security Festival in Central & Eastern Europe” I thought why not and booked a ticket.
I was especially interested to see anything related to Blockchain, Solidity etc and it did not disappoint, Zoltan Balazs CTO of MRG Effitas gave a nice talk and intro to Smart Contract hacking entitled “Explain Ethereum Smart Contract Hacking Like I Am Five” which did exactly as it said on the tin and although I am extremely familiar with all the latest hacks and pitfalls like re-entrancy, integer underflow/overflow (you really should be using OpenZeppelins SafeMath in 2019), lack true randomness (not a hack but relying on non-deterministic block information as a source of entropy – can be interfered with by validators), The DAO hack, The Parity hack etc it was still very informative and nicely delivered.
Check out his slides below:
Also noteworthy was one of the workshops on finding and exploiting XSS vulnerabilities delivered by Péter Zsíros, XSS is not a vulnerability that excites me so much, most of the time its just popping alert boxes and I get that it can be chained as part of a more elaborate attack vector but the majority of the time its not so high priority (personal opinion), that being said I really enjoyed this workshop and the hands on demo’s he supplied, he went from beginning to post exploitation using Beef and other automated tools as well as a whole host of examples that he went through, I definitely learned a thing or two during this class.