Posts in English
THCon 2023 “supplychain” writeup
- 24 April 2023
This is a writeup from the “supplychain” challenge of the CTF for THCon 2023, made by Dridri.
Critical analysis of Flashbots
- 13 January 2021
This article is about the Flashbots project (see that post on ethresear.ch for background).
Python logging: do’s and don’ts
- 02 May 2020
Logging is important. Python has a nice logging framework. I very rarely see it used properly, even by experienced programmers.
The bZx attacks explained
- 18 February 2020
This article will examine in details what happened during the two transactions that exploited vulnerabilities to open under-collateralized positions in bZx, causing a loss of equity worth more than a million dollar in total.
Analyzing suspicious smart contract vacuuming
- 18 February 2019
This is the counterpart of Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths, looking at suspicious patterns in the history of Ethereum, where contracts would not be killed but simply emptied by attackers.
How to steal Ethers: scanning for vulnerable contracts
- 05 December 2018
Four years ago, I wrote an article “How to steal Bitcoins” that was about finding address corresponding to weak brainwallets, and some forensic evidence that it was exploited automatically, for profit.
Pakala: yet another EVM symbolic execution tool
- 04 December 2018
Pakala is a tool for symbolic execution of EVM bytecode (like Manticore or Mythril).
Syncing a Parity Archive Node: How-To
- 02 December 2018
For my experiments, I set on having an Ethereum archive node (with the full history of all the states), with Parity.
The perfect password manager
- 11 December 2016
TL;DR: Use a Yubikey 4 with touch-to-sign to store your GPG keys, and use these keys for SSH authentication and storing your secrets with password-store.
Neo4j tips : starting & optimizing
- 06 June 2015
This article is a collection of tips and informations that I found useful to know about neo4j, when learning about it. It also presents some performance tips (from the developer point of view).
A REALLY simple, but powerful Python web crawler
- 11 December 2014
I am fascinated by web crawlers since a long time. With a powerful and fast web crawler, you can take advantage of the amazing amount of knowledge that is available on the web.
How to steal Bitcoins
- 08 March 2014
Every Bitcoin address is based on a secret key, from which the public key (associated to a Bitcoin address) is calculated. Once you have the private key for an address, you have the control of that address and can use it to transfer funds.