Security Researcher

Created by Santiago Palladino, Ethereum Developer and Security Researcher at OpenZeppelin
92 People have this badge

What everyone's up to

Participated in a bug bounty program
Remember that post from a bit ago? Apparently, my work mapping out and writing up opsec issues was eligible for the company's bug bounty program! I'll probably be putting the money towards launching Doggo.Ninja in a couple of months.

P.S. Woooo! Polywork has comments now :)
Spoke at KubeCon | CloudNativeCon
Spoke about Falco
Spoke about Runtime Security
Found bypasses
+ 2
Gave a talk at KubeCon North America 2020 on how to circumvent the tool that I build.
It was a huge success with a lot of mentions and endorsements over Twitter.
Mentioned as one of the best talks of that KubeCon by the press after the event.

Bypass Falco

📼 📽️

The main goal of Falco is to detect malicious behaviors at runtime and alert you about anything undesirable happening inside your machines. Maybe you trust it as your last line of defense in today’s cloud-native environments, and as a consequence, you sleep like a log.

Well, I’m a Falco maintainer, and I definitely wouldn’t.
Ok, I generally don’t trust anything and still manage to sleep soundly, but that’s a topic for another conversation.

You shouldn’t trust Falco. You shouldn’t trust any tool by default.

During this session, we’re gonna explore how to bypass Falco and leave us like sitting ducks, defenseless.
How? By circumventing the ability of the Falco kernel module or its eBPF probe to trace the syscalls happening into your Linux kernels.
 
Join this talk to get to know the details, and participate in this next-level collective drama.
Reported a bug
White Hat
Reported a Security vulnerability to @Medium & got recognition on humans.txt
White Hat
Token Rescue
Rescued a bunch of Ethereum ERC20 tokens in a friends' compromised account by using Flashbots.