Posts in English
THCon 2023 “supplychain” writeup
- 24 April 2023
- Language: English
This is a writeup from the “supplychain” challenge of the CTF for THCon 2023, made by Dridri.
Critical analysis of Flashbots
- 13 January 2021
- Language: English
This article is about the Flashbots project (see that post on ethresear.ch for background).
Python logging: do’s and don’ts
- 02 May 2020
- Language: English
Logging is important. Python has a nice logging framework. I very rarely see it used properly, even by experienced programmers.
The bZx attacks explained
- 18 February 2020
- Language: English
This article will examine in details what happened during the two transactions that exploited vulnerabilities to open under-collateralized positions in bZx, causing a loss of equity worth more than a million dollar in total.
Analyzing suspicious smart contract vacuuming
- 18 February 2019
- Language: English
This is the counterpart of Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths, looking at suspicious patterns in the history of Ethereum, where contracts would not be killed but simply emptied by attackers.
How to steal Ethers: scanning for vulnerable contracts
- 05 December 2018
- Language: English
Four years ago, I wrote an article “How to steal Bitcoins” that was about finding address corresponding to weak brainwallets, and some forensic evidence that it was exploited automatically, for profit.
Pakala: yet another EVM symbolic execution tool
- 04 December 2018
- Language: English
Pakala is a tool for symbolic execution of EVM bytecode (like Manticore or Mythril).
Syncing a Parity Archive Node: How-To
- 02 December 2018
- Language: English
For my experiments, I set on having an Ethereum archive node (with the full history of all the states), with Parity.
The perfect password manager
TL;DR: Use a Yubikey 4 with touch-to-sign to store your GPG keys, and use these keys for SSH authentication and storing your secrets with password-store.
Neo4j tips : starting & optimizing
- 06 June 2015
- Language: English
This article is a collection of tips and informations that I found useful to know about neo4j, when learning about it. It also presents some performance tips (from the developer point of view).
A REALLY simple, but powerful Python web crawler
- 11 December 2014
- Language: English
I am fascinated by web crawlers since a long time. With a powerful and fast web crawler, you can take advantage of the amazing amount of knowledge that is available on the web.
How to steal Bitcoins
Every Bitcoin address is based on a secret key, from which the public key (associated to a Bitcoin address) is calculated. Once you have the private key for an address, you have the control of that address and can use it to transfer funds.