SEC554: Blockchain and Smart Contract Security

In 2008, an anonymous author, under the pseudonym Satoshi Nakamoto, published a white paper outlining a public transaction ledger for a decentralized peer-to-peer payment system entitled Bitcoin: A Peer-to-Peer Electronic Cash System, which is regarded as the “birth” of blockchain. Since then, the use of blockchain has evolved beyond its original implementation as a cryptocurrency. It has gained momentum in recent years, being adopted by some of the largest organizations in the world, including IBM, Amazon, PayPal, Mastercard, and Walmart. However, due to the relative newness of blockchain compared to more understood and traditional technologies, its use is still hindered by speculation, confusion, uncertainty, and risk.

In SEC554: Blockchain and Smart Contract Security, you will become familiar with essential topics of blockchain and smart contract technology, including its history, design principles, architecture, business use cases, regulatory environment, and technical specifications. The course takes a detailed look at the mechanics behind the cryptography and the transactions that make blockchain work. It provides exercises that will teach you how to use tools to deploy, audit, scan, and exploit blockchain and smart contract assets. Hands-on labs and exercises will enable you to interact with various blockchain implementations, such as Ethereum and Bitcoin, and you’ll be provided with resources to take with you to further explore.

There have already been widespread security breaches, fraud, and hacks on blockchain platforms, resulting in billions of dollars in losses. These issues, along with growing scrutiny by government agencies to find malicious users abusing the technology, are tarnishing blockchain’s reputation.
SEC554 approaches blockchain and smart contracts from an offensive perspective to inform students what vulnerabilities exist, how they are exploited, and how to defend against attacks that are leveraged today. Some of the skills and techniques you will learn are:

• How to interact with and get data from public blockchains
• How to exploit several types of smart contract vulnerabilities
• How to test and exploit weak cryptography/entropy
• How to discover and re-create private keys
• What cryptojackers do and how to trace and track movements on blockchain
• How to combat non-technical or social engineering types of attacks that adversaries use to access and steal from victims

We can see the many solutions blockchain technology can provide as a payment system, but as the technology is increasingly adopted, its attack surface will continue to grow. While there are some educational resources available for blockchain, there is relatively little educational content around blockchain security. No other training provides the comprehensive level of blockchain testing, exercises and knowledge that is delivered in SEC554.

Author Statement

“Blockchain is a revolutionary solution that solves multiple issues inherent in the social, economic, and technological challenges we face today. Decentralization and self-sovereignty are not just concepts, but fundamental ideals that should be made available and accessible for all to benefit from. But those processes need to be carried out responsibly and securely. In order to drive adoption, security must be a priority for all developers, users, or speculators interacting with blockchains or smart contracts. I’ve always thought the best way to protect something is to learn how to break it.”
—Steven Walbroehl

You Will Be Able To

• Compile and deploy smart contracts
• Exploit vulnerable smart contracts, nodes, and private keys
• Run automated security scans on smart contracts
• Use the latest blockchain tools for development, security, auditing, and exploiting
• Trace and discover blockchain transaction information
• Set up and protect a cryptocurrency wallet
• Crack partially exposed mnemonic keys
• Send transactions to blockchain
• Set up a local Ethereum blockchain for testing
• Join a cryptocurrency mining pool, or create your own mining node
• Run static analysis on EVM bytecode
• Interact with cryptocurrency on main and test networks
• Investigate, install, and prevent cryptojacking malware
• Protect and defend against privacy attacks on blockchain

5 Day Program
30 CPEs
Laptop Required

“SEC554 gives an excellent education on the next big technological revolution, taught by the folks on the front lines.”
—Ravi Danesh, BMO Financial Group

• Watch a preview of this course
• Discover how to take this course: Online, In-Person

sans.org/sec554