Scaling and Attacking Scaled Blockchains
High volumes of traffic on a blockchain can cause a number of unforeseen consequences, especially when spamming attacks occur. Learn how to prevent DDoS attacks and blockchain spam.
Exploiting Web and Mobile Apps That Hold Crypto
We will use Metasploit and other penetration testing tools to do recon on sample Blockchain products and discuss how this might be done in the wild.
Security Best Practices for Smart Contracts and Beyond
Learn how to thwart possible race conditions in large Ethereum contracts and web/mobile apps that handle crypto. Multi-sig isn't enough. Just ask Bitfinex. Also, we explore database and firewall security.
Meet your team and work together to deploy distributed blockchains, one cloned from Ethereum, and one cloned from Bitcoin Core. Then, it's time to spam these networks and examine the effects with our own cryptocurrencies that sit on top of them. On our Ethereum clone, we will deploy our own tokens and contracts, then hack them by identifying race conditions and underlying network vulnerabilities.
We will sync basic Node.js, Rails and/or PHP (based on each team's experience) web apps that mimic exchanges and casinos with the Ethereum and Bitcoin blockchains, as well as our own blockchain clones. We will develop a state-of-the-art database, both NoSQL and SQL-based, to handle user information and send transactions. Then, we will hack them, and discuss how many of these hacks can be detected on similar web apps. We will cover how to securely interact with smart contracts from the web, and a few exploits that exist in the wild today concerning web vendors that interact with contracts (such as ShapeShift).
Time to have some fun. Let's learn how to set up our miners to 51% attack the network and work on security solutions to prevent invalid transactions from piercing our networks. Additionally, we will work on miner manipulation in current blockchains. Furthermore, we will examine double spending and generate confidence scores to create apps that can securely rely on zero-confirmations. Impossible? Possible.
This week, we will review some current vulnerabilities of the Bitcoin and Ethereum blockchains, discuss solutions, and stage a few attacks to help the communities patch some existing bugs. These will solely be on blockchains and not web apps that rely on them. We are working on getting approval to legally (whitehat) attack a few places. If that approval is granted, we can collectively do this; otherwise, we will provide some extensive examples based on some of these target sites.