Sign up to save your podcasts
Or
Share Episode 335 - Web 3 and Scams - a Hack-in-the-Box takeaway
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 335 - Web 3 and Scams - a Hack-in-the-Box takeaway
Jane Lo, Singapore Correspndent speaks with Zoltán Balázs, Head of Vulnerability Research at CUJO AI. CUJO AI is a company focusing on home IoT Security. Before joining CUJO AI he worked as a CTO for an AV tester company, an IT Security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes.
He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ˜600 000 cameras. Zoltán has been invited to give presentations at information security conferences worldwide including DEF CON, SyScan360, SAS2018, Virusbulletin, Disobey, Deepsec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking. Proud OSCE. In this on-site interview at “Hack-in-the-Box” held at the Singapore Intercontinental Hotel, Zoltán gives some highlights of his presentation on “Web3 + Scams = It’s a Match!” Sharing his perspective on what the Web3 world encompasses – including non-fungible tokens (NFTs) – he explains how some of the over-valuations reported in the media for NFTs may leave an impression of fraud and scams. He also points out how some of the old fashion investment scams such as “rug pulls” and “pump and dump” still plagues the Web3 world. One common tactic, such as preying on victim’s “fear of missing out” (FOMO) on an attractive investment, can also be seen in the promotion of Bored Apes Yacht Club NFT collection. Zoltán also outlines a highly notable scam known as the “Squid Game” rug pull, where the combination of the ease of creating tokens, and the popularity of the Netflix TV show lured victims to put money into the fraudulent investment scheme. To avoid falling victim to one of the scams, Zoltán’s advice is “take time, don’t rush.” Recorded on-site at the Singapore Intercontinental Hotel in Bugis, 26th August 2022, 11am Singapore Time.
View all episodes
By MySecurity Media
3.9
1919 ratings
Jane Lo, Singapore Correspndent speaks with Zoltán Balázs, Head of Vulnerability Research at CUJO AI. CUJO AI is a company focusing on home IoT Security. Before joining CUJO AI he worked as a CTO for an AV tester company, an IT Security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes.
He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ˜600 000 cameras. Zoltán has been invited to give presentations at information security conferences worldwide including DEF CON, SyScan360, SAS2018, Virusbulletin, Disobey, Deepsec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking. Proud OSCE. In this on-site interview at “Hack-in-the-Box” held at the Singapore Intercontinental Hotel, Zoltán gives some highlights of his presentation on “Web3 + Scams = It’s a Match!” Sharing his perspective on what the Web3 world encompasses – including non-fungible tokens (NFTs) – he explains how some of the over-valuations reported in the media for NFTs may leave an impression of fraud and scams. He also points out how some of the old fashion investment scams such as “rug pulls” and “pump and dump” still plagues the Web3 world. One common tactic, such as preying on victim’s “fear of missing out” (FOMO) on an attractive investment, can also be seen in the promotion of Bored Apes Yacht Club NFT collection. Zoltán also outlines a highly notable scam known as the “Squid Game” rug pull, where the combination of the ease of creating tokens, and the popularity of the Netflix TV show lured victims to put money into the fraudulent investment scheme. To avoid falling victim to one of the scams, Zoltán’s advice is “take time, don’t rush.” Recorded on-site at the Singapore Intercontinental Hotel in Bugis, 26th August 2022, 11am Singapore Time.
More shows like Cyber Security Weekly Podcast
View all
Security Now (Audio)
1,976 Listeners
Risky Business
365 Listeners
Future Tense
73 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Politics Now
104 Listeners
Smashing Security
312 Listeners
Click Here
412 Listeners
Darknet Diaries
7,879 Listeners
Cybersecurity Today
166 Listeners
If You're Listening
313 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
314 Listeners
A Bit of Optimism
2,186 Listeners
Cyber Security Headlines
127 Listeners
The TED AI Show
46 Listeners