Blockchain & Smart Contract
Web 3 Vs Web 2
Decentralized vs Single Provider /P 2P/ Immutable vs Immutable /Cypto vs Money/Metamask vs GPay and Wallets
Each node has replica of DB, Distributed ledger /Consensus
Difficult: to attack,
Etherum: Open Source Blockchain Platform, Deplay Smart Contracy, Transar
Not many intermediate transaction fees
Usecases: Decentralized Id (uport / civic), Medical Chain, Voting (followmyvote) / Supply Chain (Vechain)
Dencentral exchange
Delegated (Proof of Stake): Pvt & high financial Stake
Proof of Stake
Public )
Block has
Version
Nonce
Prestlash Timestamp Block Body
Trasaction 1 .. n
Other words: Proof of Authority (only pvt)
count
Work ( Compute node)
Trust No One by Anshuman
the
@ bitdoodler
in/the bit doodler
@ Security Zines
@ Husky Scripts. blog
Phishing Kit
Scan the Scammers
VEG Payment clones of main companies has index. html
Indicators: file names, content inside files
index. css/Style.css/main.js
File hashes, showoffas names/banner.svg
Eg: Disney clone login
Harvesting credentials.
~ Blocking Gots to evade detections
get telegram bot Flexible credentials exfiltration
· usernames
password emails mailed to you
Such free kits have a token posted to steal
from scammers
Urlscan io + IOK (indicator of kits)
open source
phish-report
ronjok
github.com/phish-report/iok
detection: fieldname regex has years
phish.report/ blog /no-honor- amongst-phishers
iok.dev
title is there but not real hostname (indicator of scam kit)
Build your own Threat Intel sink
Pavan Karthik M
with LLMs
Collect dark web forums, blogs, socials ? should we do with ELK?
Gemini & add extensions
GoogleDrive or say "from my documents"
Zapie : workflow paid } No code
N8N: free " }RSS, webhooks / dBs /APIS
Dark.
reading hackernews, reddit, blepping computers, Senitel One,
RSS feed Trigger HTTP meg Hime - G Drive
Hacktivist Channel in Telegram
extract
Docker engine download
N8N > Credentials & GCP
N8N has Html
Setup admin
Create
text content
locally
Oauth
class id
github.com
Client Id
c /5 selector
aahnick/ Egcf
Alternate - ino reader
CVE trends
back-security. medium.com/
Áno integrators bad
drive
Link to presentations https://null.community/events/1019-bangalore-null-owasp-combined-meet#event_sessions
Null
Humla/Bachav/pulliya/ null.comunity
Blockchain&SmartContract
Blockchain & Smart Contract Web 3 Vs Web 2 Decentralized vs Single Provider /P 2P/ Immutable vs Immutable /Cypto vs Money/Metamask vs GPay and Wallets
Each node has replica of DB, Distributed ledger /Consensus Difficult: to attack, Etherum: Open Source Blockchain Platform, Deplay Smart Contracy, Transar
Not many intermediate transaction fees
Usecases: Decentralized Id (uport / civic), Medical Chain, Voting (followmyvote) / Supply Chain (Vechain)
Dencentral exchange
Delegated (Proof of Stake): Pvt & high financial Stake Proof of Stake Public )
Block has
Version Nonce Prestlash Timestamp Block Body Trasaction 1 .. n
Other words: Proof of Authority (only pvt) count Work ( Compute node)
N/W: Testnet, Dev Test, No real
Ropsten Test env,like etherium
Mainnet: Etherum + Smart Contracts
Node: Full, Light (mobile)
SmartContact: Codes like Vending machine Automated Cross border Validation Workflow user+ signature _> Broadcast transaction to nodes 1.nn Nodes -> Validation uncle Nodes
Inside Phising Groups:
Trust No One by Anshuman the @ bitdoodler in/the bit doodler @ Security Zines @ Husky Scripts. blog Phishing Kit Scan the Scammers VEG Payment clones of main companies has index. html Indicators: file names, content inside files index. css/Style.css/main.js
File hashes, showoffas names/banner.svg
Eg: Disney clone login
Such free kits have a token posted to steal from scammers Urlscan io + IOK (indicator of kits) open source phish-report ronjok github.com/phish-report/iok detection: fieldname regex has years
phish.report/ blog /no-honor- amongst-phishers
iok.dev
title is there but not real hostname (indicator of scam kit)
Build your own Threat Intel sink
Pavan Karthik M with LLMs
Collect dark web forums, blogs, socials ? should we do with ELK?
Gemini & add extensions GoogleDrive or say "from my documents" Zapie : workflow paid } No code N8N: free " }RSS, webhooks / dBs /APIS Dark. reading hackernews, reddit, blepping computers, Senitel One, RSS feed Trigger HTTP meg Hime - G Drive Hacktivist Channel in Telegram extract Docker engine download N8N > Credentials & GCP N8N has Html Setup admin Create text content locally Oauth class id github.com Client Id c /5 selector aahnick/ Egcf Alternate - ino reader CVE trends back-security. medium.com/ Áno integrators bad drive