stan
49 posts

stan
@stanzz
Security researcher, pwning in HypeBoy, KAIST GoN
Katılım Kasım 2016
401 Takip Edilen409 Takipçiler

We never ask this kind of questions
어둠사자@gnh1201
정보보안 동아리 면접(?) 문제: 당신에게는 암에 걸린 친형제가 있고, 의사로부터 지금부터라도 치료를 시작하면 살 가능성이 있다는 소견을 받았다. 하지만 당신에겐 형제의 치료비를 내줄 돈이 없다. 그러던 중, 의문의 사내에게 연락이 온다. 내가 도심에 주차된 자동차를 몇가지 골라줄거야. ECU를 장악해 원격 조종이 가능하게 해줘. 연료는 가득 채우고. 사람이 타고 있을 때에도 제어가 가능했으면 좋겠어 이 자동차들을 일시에 광장에서 충돌시키는 폭발 퍼포먼스를 해보고 싶어. 이걸 한다면 자네 형제의 치료비를 지불하고도 여유가 남을 정도의 보상을 해주지. 이런 조건에 당신은 응할 것인가?
English
stan retweetledi
stan retweetledi

Code4rena will run audit contests for free, as public goods.
100% of funds from sponsors will go directly to auditors and judges. We won't take any cut.
Why?
1. Competitions are commodities.
They're CRUD apps. Why should builders pay premium for a website just to submit bugs? Especially smaller teams without VC funding.
2. Everyone deserves competitions.
We tell all our clients to get a competition after their audit. That's because competitions simulate real world conditions, where there's thousands of eyes on a protocol. We want to make competitions as affordable as possible so everyone can get one.
3. It benefits our wardens.
In 2021, we invented the competition format. We're still the platform with the largest auditor pool (10,000+ registered). Not only should builders have access to the best security talent, we believe auditors should have opportunities to work with great projects. Opening up our platform benefits our wardens.
How will you afford this?
Zellic is a profitable business. We make money doing traditional private audits through Zellic and Zenith. This benefits us because: (1) our clients are more secure after they run contests, and (2) Code4rena is a talent pipeline for Zenith.
Will you stop maintaining the platform?
Of course not. Since we acquired Code4rena, we've shipped several features and have several more already underway. C4 has a dedicated dev team that we're fully committed to.
Besides, many of our clients at Zellic use C4. We're incentivized to make sure the platform works well. It's just that now we're allowing everyone to benefit from our investments in Code4rena.
In conclusion:
Run a contest on Code4rena! We won't take a cut, your prizes will go directly to wardens and judges.
For full details, check out our blog post here: zellic.io/blog/code4rena…

English
stan retweetledi

Zellic is proud to serve as a whitelisted security provider joining the @UniswapFND Security Fund!
We're excited to provide support for the teams building on Uniswap v4 to help them launch secure, innovative projects.
Uniswap Foundation@UniswapFND
🎊 We're thrilled to announce the 16 security providers joining the Uniswap Foundation Security Fund! These leading firms join @areta_io's marketplace to provide high-quality audits for Uniswap builders, with costs subsidized by the UFSF. Learn more ↓ uniswapfoundation.mirror.xyz/v6aMiVHOHERaXy…
English
stan retweetledi

Just completed my 10th audit as a contractor @zellic_io and these are my top favourite things about this place:
1. They have a diverse and deep talent pool. World top Web security, Cosmos, Rust, Golang, MOVE. They have experts in every direction I want to move into (pun definitely unintended).
2. I still get to be independent, get my own clients, work with other teams. This keeps me fresh, accountable, and at the top of my game.
3. Every time I have asked for a specific type of contract, it magically shows up in my schedule. These past 4 months I've done countless bridges (EVM, OP, Cosmos), Client implementations in rust, governance, staking, etc.
Keen to see what they throw at me next!
English
stan retweetledi

@_lauritz_ there's another interesting trick here 😇
```html
<script>
let a = '<!--<script>';
alert(a); // not work
</script>
<script>
alert(2); // not work
</script>
```
this behavior is also valid for backtick and double quote.
English

TIL: HTML comments work as single-line-comments in JavaScript context 🤯
<script>
<!-- test --> alert(1);
alert(2);
</script>
Only alert(2) is executed.
#HTML #LegacyStuff #XSS

English
stan retweetledi

We HypeBoy topped Plaid CTF 2024! 👑
@_Reinose_en @justlikebono @munsiwoo @real_as3617 @mhibio_ptw @howdays1 @stanzz @soo_sudo @n1net4il @1nteger_c @c2w2m2 @pr0cf51 @cmy981224 @csapp3e ironore15 G0RiYa
Thanks to the great support from dakuo & hellsonic

English
stan retweetledi

Boom! Seunghyun Lee (@0x10n) of KAIST Hacking Lab was able to successfully demonstrate his exploit of #Google Chrome. He's off to the disclosure call to provide us all the details before we bring in the Google team for disclosure. #Pwn2Own #P2OVancouver
English
stan retweetledi
stan retweetledi

















