Introduction to Ethereum and smart contracts
- Ethereum history and basics
- Proof Of Work vs Proof Of Stake
- Bitcoin vs Ethereum
- Sharding, Beacon Chain and Docking
Smart Contracts introduction part 1
- Smart Contracts basics
- Ethereum Virtual Machine and Solidity
- Accounts, Transactions and Gas
- Storage, Memory and Stack
- Smart Contract bytecode analysis
- LAB: Our first vulnerable smart contract
Smart Contracts introduction part 2
- Types, Enum and Events
- Storage and mappings
- Inheritance
- Reentrancy vulnerability: the DAO hack
- LAB: Steal all my money (Reentrancy)
- Interfaces
- LAB: Block Timestamp: the manipulation vulnerability
Authorization in Smart Contracts
- Authorization in Solidity
- The OpenZeppelin Contracts
- Modifiers
- LAB: Authorization done properly
- LAB: Tx.origin: Authorization bypass
Smart Contract DoS attacks
- LAB: Abusing SELFDESTRUCT
- DoS with Failed Call
- DoS With Block Gas Limit
More vulnerabilities
- Integer Overflow and Underflow
- LAB: Transfer your funds, or mine
- LAB: BatchTransfer Overflow (CVE-2018-10299)
Attacking Solidity libraries
- Introduction to embedded and linked libraries
- LAB: DelegateCall vs Call: how can this impact the security of the smart contract
- LAB: Secure your library calls: attacking DelegateCall to steal funds
Security auditing
- Manual vs automated
- Security auditing tools: mythril, slither, semgrep
Introduction to Smart Contract reverse engineering
- Exploring the bytecode
- Storage and Memory allocation
- The EVM OPCODEs and instructions
- Identifying DELEGATECALLs
Solidity inline assembly
- Introduction to Solidity inline assembly
- Simple instructions
- Stack, memory and storage variables
A deep dive into Reentrancy attacks
- Classic reentrancy attack recap
- Cross function reentrancy
- Cross contract reentrancy
- Read-only reentrancy
- Detecting potential reentrancy and arbitrary exposure to external calls
Introduction to DeFi security and Web3
- Tokens and DeFi hacks
- NFTs and ERC-721 or ERC-1155
- Exploiting a vulnerable NFT implementation
Creating exploits with Foundry
- Introduction to Foundry
- Our first PoC using Foundry
- Fuzzing a smart contract
Creating Exploits with Ethers.js
- Introduction to Ethers.js
- Create exploits using Ethers.js
Hack Them ALL
- Final Smart Contract Hacking CTF
DATE: November 11th-14th 2024
TIME: 8am to 5pm
VENUE: Holiday Inn Express, Canal De La Villette, Paris
TRAINER: Davide Cioccia
- 32 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included
- VAT included in the price.
Payment via wire is accepted.
Wire Instructions:
SWIFT/BIC code: WFBIUS6S
Bank Name: Wells Fargo Bank
Bank Address: 420 Montgomery San Francisco, CA 94104
Account Name: Def Con Communications Inc
Routing number: 121000248
Account number: 2019560081
You'll receive confirmation within 1 business day.
Registration terms and conditions:
Trainings are refundable before September 15th; the processing fee is €230.
Trainings are non-refundable after October 1st, 2024.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.