Security - 🟧heystacks
Crypto Best Security Practices ⚠️
Now that the NFT bull run is back it's important to make sure your assets are secure. Here is a 17 page document that covers the basics. Thought this might save a life or two. Enjoy and stay safe, friends!
Polynetwork and Hacker Communicate
On the 10th of August 2021, the decentralized finance (defi) project Poly Network suffered a loss of over $600 million in various tokens due to smart contract bug. Exploiter has communicated with Poly team via blockchain messages and returned some of the funds. This sheets keeps track of the communication and the transfers.
Spreadsheet listing all known as well as unidentified ransomwhare plus detection and prevention guides.
Attacking Secondary Contexts in Web Applications
Security considerations when using modern routing technologies for web servers by Sam Curry
Graded Cyber Policy Papers
A collection of studies about cyber security in military and civilian context.
Penetrum security analysis of TikTok versions 10.0.8 - 15.2.3
APT Groups and Operations
Cyber security companies and Antivirus vendors use different names for the same threat actors and often refer to the reports and group names of each other. However, it is a difficult task to keep track of the different names and naming schemes. I wanted to create a reference that answers questions like "I read a report about the 'Tsar Team', is there another name for that group?" or "Attackers used 'China Chopper' webshell, which of the APT groups did use that shell too?" or "Did he just say 'NetTraveler'? So, does he talk about Chinese or Russian attackers?"