Smart Contract Auditor Roadmap 2023
Discussing how to get into Smart Contract Auditing and Web3 Security with Tyrese Tetteh and Amaechi Okolobi - Chainlink Developer Advocates and Students at Brunel University.
Links:
https://code4rena.com/
https://secureum.substack.com/
https://yacademy.dev/
https://spearbit.com/
Full podcast: https://www.youtube.com/watch?v=g79DFfBaTew
7
views
Cyber Security vs Web3 Security as a Career for 2023
An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. In just under a year, Trust has rocketed to the top of the code4rena leaderboard, and has made waves on both code4rena and Immunefi.
In this conversation, we delve into Trust's background as an exploit developer at NSO Group, and learn more about his decision to leave and pursue a career in web3 security. Trust discusses his work performing audits on code4rena, participating in bug bounties on Immunefi, and shares with us his methodology and mindset around bounty hunting and security research.
Full Podcast: https://www.youtube.com/watch?v=NC4uzV-syIw
7
views
Cyber Security vs Web3 Security as a Career 2023
An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. In just under a year, Trust has rocketed to the top of the code4rena leaderboard, and has made waves on both code4rena and Immunefi.
In this conversation, we delve into Trust's background as an exploit developer at NSO Group, and learn more about his decision to leave and pursue a career in web3 security. Trust discusses his work performing audits on code4rena, participating in bug bounties on Immunefi, and shares with us his methodology and mindset around bounty hunting and security research.
Full Podcast: https://www.youtube.com/watch?v=NC4uzV-syIw
2
views
Web3 Security Learning Resources
An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. In just under a year, Trust has rocketed to the top of the code4rena leaderboard, and has made waves on both code4rena and Immunefi.
In this conversation, we delve into Trust's background as an exploit developer at NSO Group, and learn more about his decision to leave and pursue a career in web3 security. Trust discusses his work performing audits on code4rena, participating in bug bounties on Immunefi, and shares with us his methodology and mindset around bounty hunting and security research.
Full Podcast: https://www.youtube.com/watch?v=NC4uzV-syIw
5
views
Ex-NSO Hacker Explains his Shift into Web3 Security
An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. In just under a year, Trust has rocketed to the top of the code4rena leaderboard, and has made waves on both code4rena and Immunefi.
In this conversation, we delve into Trust's background as an exploit developer at NSO Group, and learn more about his decision to leave and pursue a career in web3 security. Trust discusses his work performing audits on code4rena, participating in bug bounties on Immunefi, and shares with us his methodology and mindset around bounty hunting and security research.
Full Podcast: https://www.youtube.com/watch?v=NC4uzV-syIw
5
views
Ex-NSO Hacker Shares Insights on Working at the Company
An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. In just under a year, Trust has rocketed to the top of the code4rena leaderboard, and has made waves on both code4rena and Immunefi.
In this conversation, we delve into Trust's background as an exploit developer at NSO Group, and learn more about his decision to leave and pursue a career in web3 security. Trust discusses his work performing audits on code4rena, participating in bug bounties on Immunefi, and shares with us his methodology and mindset around bounty hunting and security research.
Full Podcast: https://www.youtube.com/watch?v=NC4uzV-syIw
2
views
From NSO Group Hacker to Web3 Security Researcher: An Interview with Trust
An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. In just under a year, Trust has rocketed to the top of the code4rena leaderboard, and has made waves on both code4rena and Immunefi.
In this conversation, we delve into Trust's background as an exploit developer at NSO Group, and learn more about his decision to leave and pursue a career in web3 security. Trust discusses his work performing audits on code4rena, participating in bug bounties on Immunefi, and shares with us his methodology and mindset around bounty hunting and security research.
Contact Trust:
https://twitter.com/trust__90
https://www.trustindistrust.com/
Links:
https://code4rena.com/
https://immunefi.com/
OUTLINE:
00:00 - Intro
2:49 - Israel Defense Forces
10:16 - Experience as an Exploit Dev
20:25 - Working at NSO Group
29:16 - Switching to web3 security
38:16 - Traditional (web2) Bug Bounties
41:08 - Web3 Learning Resources
47:29 - Audit Methodology
1:02:10 - Auditing on code4rena
1:07:14 - Audit Methodology cont.
1:13:25 - Bounty Hunting on Immunefi
1:24:02 - Becoming a Judge on code4rena
1:28:20 - Trust Security: Private Audits
1:37:51 - Getting a job VS being an independent security researcher
1:39:56 - Web2 or Web3 as a career for 2023
1:42:08 - ChatGPT for auditors
1:48:28 - ZK auditing
1:51:33 - Future of smart contract auditing
16
views
Working as an Exploit Developer at NSO Group
Trust talks about his experience working at NSO Group as an iOS exploit developer, discovering 0-click, 1-click zero-day vulnerabilities.
An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. In this conversation, we delve into Trust's background as a security researcher and exploit developer at NSO Group, and learn more about his decision to leave and pursue a career in web3 security.
Full Podcast: https://www.youtube.com/watch?v=NC4uzV-syIw
4
views
Trust's Smart Contract Auditing Methodology
Trust describes his methodology for auditing smart contracts.
An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. In this conversation, we delve into Trust's background as a security researcher and exploit developer at NSO Group, and learn more about his decision to leave and pursue a career in web3 security.
Full Podcast: https://www.youtube.com/watch?v=NC4uzV-syIw
2
views
ChatGPT for Security Researchers
How security researchers can utilize ChatGPT to assist in their work.
An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. In this conversation, we delve into Trust's background as a security researcher and exploit developer at NSO Group, and learn more about his decision to leave and pursue a career in web3 security.
Full Podcast: https://www.youtube.com/watch?v=NC4uzV-syIw
3
views
0xDjango - Code4rena and Immunefi Bounty Hunting
0xDjango went full time in web3 security as an independent researcher this year, and has found success on both Code4rena and Immunefi earning over 400k combined in bounty rewards.
In this conversation we talk about how he transitioned into web3 security, bounty hunting and tips for beginners getting started in this field.
Links:
https://code4rena.com/
https://immunefi.com/
Learning Resources:
https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b
The Saloon:
https://discord.gg/qE8wpbP5rW
https://twitter.com/saloonfinance
Follow Django:
https://twitter.com/0xdjangoonchain
OUTLINE:
00:00 - Background
2:07 - Learning Solidity
4:11 - Learning Web3 Security
6:51 - Audit Methodology
8:33 - Bounty Hunting Full Time
9:52 - Immunefi
17:25 - Picking Targets
20:40 - Million $ Bounties
22:04 - Code4rena vs Immunefi
29:58 - Auditing as a Team
31:40 - Upskilling Quickly
34:53 - Traditional Auditing vs Decentralized Audit Models
39:43 - Immunefi Audit Methodology
48:09 - Diverse Backgrounds of Auditors
49:28 - New Bug Bounty Platform - The Saloon
1:02:49 - How to Learn Blockchain and Smart Contract Hacking
1:06:33 - Future Predictions of Web3 Bug Bounties
5
views
My CV - Getting a JOB as a Smart Contract Auditor
This was the resume that I used to land a job as a smart contract auditor in the web3 security space. Got good response rates with top auditing firms.
Q&A - How to Get into Web3 Security as a Student
Discussing how to get into Smart Contract Auditing and Web3 Security with Tyrese Tetteh and Amaechi Okolobi - Chainlink Developer Advocates and Students at Brunel University.
Tyrese & Amaechi:
https://twitter.com/Tettehnetworks
https://twitter.com/AmaechiEth
https://chainlinktoday.com/chainlink-hosts-smart-contract-developer-bootcamp-at-imperial-college-london/
Links:
https://code4rena.com/
https://secureum.substack.com/
https://yacademy.dev/
https://spearbit.com/
OUTLINE:
00:00 - Background
9:14 - Getting into Web3 Security
11:24 - Getting a job
13:16 - Code4rena
19:49 - Smart Contract Auditing Bootcamps
21:44 - Advice for Code4rena
23:57 - Spearbit
26:33 - Cyber Security vs Developer background
28:12 - Confidence and Determination
38:05 - Audit Methodology for Code4rena (breadth first search vs depth first search)
4
views
Senior Smart Contract Auditor Salaries
Full Podcast: https://www.youtube.com/watch?v=cHAOoANmSNA
1
view
@Jackson Kelley Leaving FAANG for Crypto, Web3 Security, Software Engineering and Career Advice
Jackson Kelly is a software engineer (ex-Amazon), smart contract auditor and career coach with over 10 years of experience in tech.
In this conversation we discuss his move from FAANG to working in the crypto space, his smart contract auditing methodology, opportunities in web3 and advice for students considering a career in tech.
LINKS:
https://www.youtube.com/c/JacksonKelley
https://twitter.com/sjkelleyjr
https://jacksonkelley.gumroad.com/l/how-to-become-a-smart-contract-auditor/
https://medium.com/coinmonks/5-solidity-code-smells-87bb2f259dde
https://code4rena.com/
https://yacademy.dev/
https://spearbit.com/
OUTLINE:
00:00 - Background
8:04 - Working at Amazon
14:13 - Software Engineering vs Smart Contract Auditing
16:46 - Lessons learned from Amazon
19:09 - Adversarial/Hacker Mindset
21:53 - FAANG Interview Tips
28:13 - Coding Interviews
30:32 - Do you need a Degree
32:08 - Smart Contract Auditing Methodology
35:23 - Developing Intuition for Vulnerable Code
38:54 - Learning Resources for Smart Contract Auditing
47:43 - Getting a Job as a Smart Contract Auditor
55:12 - yAcademy
1:01:43 - Spearbit
1:05:11 - Senior Smart Contract Auditor Salaries
1:07:49 - Working at Robinhood
1:14:31 - Working as a Developer vs Auditor
1:17:24 - Cyber Security background vs Developer background
1:19:53 - Web3 security in the next 2-5 years
1:28:35 - Advice for Students
1:32:55 - Deciding what to work on
1:35:36 - Being a new dad
1:40:24 - Jackson's YouTube Videos
12
views
How to become a Smart Contract Auditor - Top 5 FREE Learning Resources
Links:
https://cmichel.io/how-to-become-a-smart-contract-auditor/
https://www.youtube.com/watch?v=gyMwXuJrbJQ
https://www.damnvulnerabledefi.xyz/
https://ethernaut.openzeppelin.com/
https://secureum.substack.com/
https://code4rena.com/
https://www.youtube.com/watch?v=-469Gcye-ZE
4
views
Cyber Security in the Israel Defense Forces (IDF)
Full Podcast: https://www.youtube.com/watch?v=YCsfUrzrcgQ
4
views