Gryphus ☣ Mario

The final part of our State of the Art of Private Key Security in Blockchain Operations series is live! 🔐 [4/4] Approvals & Policies Talking about Approvals (by humans) & Policies (what can be signed): 🔗 nccgroup.com/research-blog/… 🧵 A quick recap of the full series 👇

🎣 Just released: GoPhish MCP Server! ✨ Features: 🎯 Campaign management (CRUD + analytics) 👥 Groups, templates, pages, SMTP profiles 📊 Advanced analytics & reporting 🔍 Smart search & utilities github.com/dan1t0/gophish… #GoPhish #MCP #AI

Whether you're worried about the keys on your project, or about managing institutional funds, I hope you can get some (good) ideas from these posts!

The final part of our State of the Art of Private Key Security in Blockchain Operations series is live! 🔐 [4/4] Approvals & Policies Talking about Approvals (by humans) & Policies (what can be signed): 🔗 nccgroup.com/research-blog/… 🧵 A quick recap of the full series 👇

[3/4] Private Key Storage & Signing Modules A look into the pieces that actually hold and use private keys. HSMs, Enclaves, and types of storage for operational keys (including where you should never store them) 🔗nccgroup.com/research-blog/…

[2/4] Common Custody Solutions Architectures Showcasing some of the common architecture designs (off-chain centralized, off-chain MPC, on-chain) and their core components 🔗 nccgroup.com/research-blog/…

[1/4] Concepts, Wallet Types & Signing Strategies Foundations of key management: Multisig, MPC, offchain vs onchain, and how these models shape custody design. 🔗 nccgroup.com/research-blog/…

In case you missed the earlier parts 👇 [1/4] Concepts, Wallet Types & Signing Strategies 🔗 nccgroup.com/research-blog/… [2/4] Common Custody Architectures 🔗 nccgroup.com/research-blog/…

Part 3 of our Private Key Security for Blockchain Operations series is live! This one dives into the heart of custody solutions — the Private Key Storage & Signing Module 🔐 Do's and Don'ts of private key storage! 🔗 nccgroup.com/research-blog/…

We just published the first two posts of our "State of the Art of Private Key Security in Blockchain Operations" series! 🔹 [1/4] Concepts, Types of Wallets & Signing Strategies 🔹 [2/4] Common Custody Solutions Architectures nccgroup.com/research-blog/… nccgroup.com/research-blog/…

We @VennBuild just discovered a critical backdoor on thousands of smart contracts leaving over $10,000,000 at risk for months Along with the help of security researchers @dedaub @pcaversaccio, the seals team @seal_911 and others, we managed to rescue the majority of funds before the attacker could make their move. This is the story of how a sophisticated attacker (cough Lazarus) put backdoors in thousands of contracts and ALMOST got away with it 🧵

@PatrickAlphaC The main issue is when one of the EIP-712 fields is calldata of another contract (like all Safe{Wallet} fields) which will just be a bunch of hex data that your HW wallet won't decode, like this example below:

So... what do we need to see on our wallets? If we have any one of these (all the data, message & domain hash, safeTxHash) that's enough to verify that what we are signing. Ideally, we get the safeTxhash, since it's the easiest to verify (cuz it's just a single hash)

What should your hardware wallet show you? When you sign a transaction or a message, what is the information you NEED to verify what you're signing is correct? If you don't know, you must watch this, and/or read this thread. 👇

In-depth technical analysis of the Bybit hack (more than $1.4 billion assets): nccgroup.com/us/research-bl… Awesome work @Grifo!!

Behind the hype, missteps, and marketing buzz, there’s great work with USB Bluetooth (github.com/antoniovazquez…) and the research that supports it! Congratulations @antonvblanco

I've released an improved version of Monkey365. More than 70 rules from both Azure and Microsoft 365 were automated, improved support for CIS 3.0 benchmarks, bug fixes and much more. Check it now! github.com/silverhack/mon… #cloudsecurity #azure #microsoft365 #PenTest #EntraID

I'm thrilled to share that a new release of #Monkey365 is out! With many improvements, including the incorporation of the entire list of CIS controls github.com/silverhack/mon… #cloudsecurity #azuresecurity #microsoft365security #AzureAD #EntraID #CSPM #microsoft365

World's best CSS developer 😂

Today, my PC was nearly compromised. With just one click, I installed a malicious @code extension. Luckily, I was saved as my PC doesn't run on Windows. Hackers are getting smarter and aren't just targeting beginners. Here's how they do it and how you can protect your coins!

@felmoltor Can't stop recommending it