SEC554: Blockchain & Smart Contract Security

What You Will Learn

In 2008, an anonymous author using the pseudonym Satoshi Nakamoto, published a white paper outlining a public transaction ledger for a decentralized peer-to-peer payment system entitled Bitcoin: A Peer-to-Peer Electronic Cash System, which is regarded as the "birth" of blockchain. Since then, the use of blockchain has evolved beyond its original implementation as a cryptocurrency. It has gained momentum in recent years, being adopted by some of the largest organizations in the world, including IBM, Amazon, PayPal, Mastercard, and many others. However, due to the fast moving innovation and adoption of blockchain, and the unfamiliar concepts compared to more understood and traditional technologies, its use is still hindered by speculation, confusion, uncertainty, and risk.

In SEC554: Blockchain and Smart Contract Security, you will become familiar with essential topics of blockchain and smart contract technology, including its history, design principles, architecture, business use cases, regulatory environment, and technical specifications. The course takes a detailed look at the mechanics behind the cryptography and the transactions that make blockchain work. It provides exercises that will teach you how to use tools to deploy, audit, scan, and exploit blockchain and smart contract assets. Hands-on labs and exercises will enable you to deploy, audit, scan, and exploit various blockchain implementations, such as Bitcoin, Ethereum, Solana, Cosmos, Near and others, as well as smart contract languages like Solidity and Rust, along with protocols, such as NFTs, DeFi, and Web3.

There have already been widespread security breaches, fraud, and hacks on blockchain platforms, resulting in billions of dollars in losses. These issues, along with growing scrutiny by government agencies to find malicious users abusing the technology, is tarnishing blockchain's reputation. SEC554 approaches blockchain security and smart contracts from an offensive perspective to inform students what vulnerabilities exist, how they are exploited, and how to defend against attacks that are currently leveraged today. Some of the skills and techniques you will learn include how to:

Interact with and get data from public blockchains
Exploit several types of smart contract vulnerabilities
Test and exploit weak cryptography/entropy
Discover and re-create private keys
Understand what cryptojackers do and how to trace and track movements on blockchain
Combat non-technical or social engineering types of attacks that adversaries use to access and steal from victims

We can see the many solutions blockchain technology can provide as a payment system, but as the technology is increasingly adopted, its attack surface will continue to grow. While there are some educational resources available for blockchain, there is relatively little educational content around blockchain security. No other training provides the comprehensive level of blockchain testing, exercises and knowledge that SEC554 delivers.

You Will Be Able To

Compile and deploy smart contracts
Exploit vulnerable smart contracts, nodes, and private keys
Run automated security scans on smart contracts
Use the latest blockchain tools for development, security, auditing, and exploiting
Trace and discover blockchain transaction information
Set up and protect a cryptocurrency wallet
Crack partially exposed mnemonics keys
Send transactions to blockchain
Set up a local Ethereum blockchain for testing
Join a cryptocurrency mining pool, or create your own mining node
Run static analysis on EVM bytecode
Interact with cryptocurrency on main and test networks
Investigate, install, and prevent crypto-jacking malware
Protect and defend against privacy attacks on blockchain

You Will Receive With This Course

ZIION blockchain and smart contract testing and development platform
Access to a full Bitcoin testnet node
Reference documents outlining all the common smart contract vulnerability classes
Cheat sheet for the most common blockchain CLI tool commands
28 labs with custom tools
Course workbook

Syllabus (30 CPEs)

Download PDF

SEC554.1: Blockchain and Smart Contract Fundamentals
Overview
The first course section begins by establishing the fundamentals of blockchain technology and how it is applied to real-world problems. We willl also look at smart contract technology and walk through examples of how it is applied today in various industries and market use cases. The most important technical aspects that make up blockchain architecture are discussed, along with examples and case studies.
Students will:
- Generate public and private key pairs used by blockchain
- Create different types of cryptocurrency wallets
- Deep-dive into the different consensus mechanisms like Proof of Work and Proof of Stake that make blockchain a decentralized system
- Learn how crypto currency mining works
- Investigate what happens during transactions
The section concludes with the common classifications of vulnerabilities and attacks. This lesson will feature scenarios and exercises to send and receive blockchain transactions, and students will see live transactions on the public chain through various block explorers. We will then spend time learning and using blockchain security tools that exploit private keys and users, and cover the common mistakes people make when using them.
Exercises
Lab 1.1: Use Metamask to Swap on a DeFi Exchange
Lab 1.2: Brute Force a Mnemonic Phrase to Access a Wallet
Lab 1.3: Recreate a Key to Investigate Multi-Chain Transactions
Lab 1.4: Join a Mining Pool and Create a Validator
Lab 1.5: Use Various Blockchain Clients to Discover Funds
Lab 1.6 Locate and Exploit an Exposed Private Key
Topics
Blockchain and Smart Contract Fundamentals
- Origin and Purpose
- Types of Blockchains
- Smart Contract Overview
- Common Use Cases
Blockchain Keys
- Wallets and Keys
- Mnemonic Keys (BIP-32/BIP-39)
- Attacks on Private Keys
- Case Study: Mnemonic Reconstruction
Blockchain Transactions
- Block Explorers
- BTC, EVM, Solana, Monero and other transactions
- Case Study: Poly Network Hack Transactions
Consensus Protocols
- Proof of Work
- Security Issues in Proof of Work
- Proof of Stake
- Security Issues in Proof of Stake
- Other Consensus Types
Blockchain Architecture
- BTC, EVM, Rust, Golang Clients, APIs, and SDKs
Blockchain Vulnerabilities and Attacks
- Network and Consensus Security Issues
- Smart Contract and Code Security Issues
- Wallet and Client Security Issues
- Centralization Security Issues
- User Security Issues
SEC554.2: Smart Contract Hacking - Solidity
Overview
This course section focuses on the security aspects of the most widely used smart contract platform, Ethereum. Smart contracts differ in architecture from blockchains such as Bitcoin because of their multi-purpose implementations. Developers write smart contracts in languages such as Solidity, which often contain bugs and vulnerabilities. The vulnerabilities can be exploited on the public main-net and cause massive amounts of financial and reputational damage. We will introduce the Ethereum smart contract programming language, Solidity, and examine how to compile, deploy, and interact with smart contracts locally and remotely. We also discuss the common access control standards, and security libraries to use in Solidity. We explore how NFT (Non-Fungible Tokens) work, and the unique vulnerabilities that can be exploited.
After students are familiar with the development process from using tools like Truffle, Ganache, Brownie, and Hardhat to deep-dive into the common 7thereum vulnerabilities and walk through case studies of how they have been exploited in the past. Several tools and scanners, such as Slither, Mythril, and Remix, are provided for students to identify and validate these vulnerabilities. Methods of performing security audits, like formal verification and symbolic execution, are explained. Finally, after students learn how to identify a smart contract vulnerability, well attack and exploit a custom smart contract on a locally created Ethereum network deployed by the students.
Exercises
Lab 2.1: Identifying the Function Exploited on a Contract
Lab 2.2: Compiling and Deploying a Smart Contract
Lab 2.3: Exploiting a Vulnerable Smart Contract
Lab 2.4: Scanning a Contract for Vulnerabilities
Lab 2.5: Exploiting an NFT Contract to Mint a Coin
Topics
Solidity Basics
- Solidity Language Overview
- Storage, Memory, and CallData
- Function Selectors
- Interacting with EVM Smart Contracts
Compiling and Deploying Contracts
- The Solidity Compiler
- ABI, Bytecode, Gas, and Opcodes
- Networks and Frameworks for Auditing
- Deploying a Smart Contract
Smart Contract Security Issues
- Security Hacks on Ethereum
- Common Vulnerabilities and Attacks
- Case Study: The DAO Hack
- Case Study: The Party Multisig Hack
Auditing and Hacking Solidity Smart Contracts
- Static Analysis and Symbolic Execution
- Manual Testing and Formal Verification
- Security Testing and Auditing Tools
Contract Libraries and Standards
- ERC Standards
- Solidity Security Libraries
- Access Control and Contract Delegation Exploits
- Case Study: The Poly-Network Hack
NFT Vulnerabilities
- NFT Vulnerability Categories
- Case Study: Hacking an NFT Loot Bag
SEC554.3: Smart Contract Hacking - Rust
Overview
Course section three focuses on the blockchains and contracts that are built with Rust. These blockchains are usually Proof-of-Stake systems, and have unique aspects due to the programming language used. We introduce the Rust programming language, which is a memory efficient high-level language, and we learn about the code specific vulnerabilities that can be found. We use tools to help find exploitable bugs, like cargo. Then we deep-dive into specific technologies built with rust in the blockchain ecosystem, like Solana, CosmWasm, and Substrate. New vulnerabilities, like taking over accounts, PDAs, SPL, and unique Rust-based hacks are all explained and demonstrated.
After the technical blockchain fundamentals are established and have become familiar to students, the course builds on that knowledge with a focus on security topics scoped to blockchain systems such as the Bitcoin network. Students learn the security principles that make blockchain different from traditional technology systems, and then begin to discover some of the weaknesses in a blockchain system and how they are attacked.
Exercises
Lab 3.1: Web Application Hacking with Rust
Lab 3.2: Substrate Exploit - SANS Kitties
Lab 3.3: Exploiting Solana Account Type Confusion
Lab 3.4: Setup and Interact with a Local CosmWasm Blockchain
Lab 3.5: Compile and Deploy a CosmWasm Smart Contract
Lab 3.6: Exploit a Vulnerable CosmWasm Smart Contract
Topics
Rust Overview
- What is Rust
- Rust Security
- Rust Developer Tools
Substrate
- Substrate Architecture
- Substrate Vulnerabilities
CosmWasm
- What is CosmWasm?
- CosmWasm Architecture
- CosmWasm Tools and Chains
- CosmWasm Vulnerabilities
Solana
- Solana Architecture
- Proof of history
- PDAs and SPLs
- Solana Security Issues
- Solana Programs
SEC554.4: Exploiting DeFi Protocols
Overview
Throughout course section four you learn about the innovative and unique way smart contracts democratize financial services. DeFi is a complex environment of interworking components. We go through the most relevant DeFi protocols that make up those components, the terminology, and how they operate. Protocols discussed are DEXs, Automated Market Makers, lending and borrowing platforms, stablecoins, derivatives, yield farms, oracles, and prediction markets. Each of these DeFi protocols have unique attack types that combine both economic-based and code-based exploitation. Attacks through flash loans, oracle manipulation, and governance proposals are all discussed, with examples. This section is more about the business logic rather than the tools or platforms, and we use several labs that exploit DeFi protocols across several different blockchains.
Exercises
Lab 4.1: Exploit a Vulnerable AMM
Lab 4.2: Perform a Flash Loan Attack
Lab 4.3: Deploy and Interact with a Chainlink Oracle
Lab 4.4: Perform a Governance Attack on EVM
Lab 4.5: Exploit a Yield Farm on Solana
Topics
The Concepts, Benefits and Risks in DeFi
- DeFi vs. CeFi
- Protocols Overview
- Environmental Risks and DeFi Attacks
- Security Incident Timeline
Decentralized Exchanges (DEX)
- Key Terminology
- Automated Market Makers (AMMs)
- Aggregators
- DEX Issues and Exploits
- Case Study: DEX Liquidity Pool Hack
Lending and Borrowing
Key Terminology
- AAVE and Compound Protocols
- Issues and Risks
- Flash Loans
- Case Study: Flash Loan Attack
Stable Coins, Derivatives, and Synthetic Assets
- Types of Stable Coins and Derivatives
- Security Risks
- Case Study: Terra UST and Luna Collapse
Governance and Oracles
- Oracle Purpose and Designs
- Oracle Attacks
- Governance Overview and Key Terms
- Governance Attacks
- Case Study: Beanstalk Farms Malicious Governance
Emerging DeFi Protocols and Risks
- DEX Aggregators
- Prediction Markets
- Decentralized Insurance
- Yield Farms and Yield Aggregators
SEC554.5: Cross-Chain, Defense, and Compliance
Overview
We start this course section by looking at common vulnerabilities of cross-chain and bridges. These are critical infrastructure components that are constantly attacked, and they have high value and impact. We discuss the adversaries on blockchain, the patterns they use to attack and steal funds, and defining a framework for these patterns to help us defend against it.
We then look at some of the tools used for monitoring and protecting smart contracts. You analyze how privacy, anonymity, and personal identity can be compromised if a blockchain user is not authenticated and how to protect again these issues. Finally, we take a look at how the blockchain is used maliciously and the current compliance and regulatory landscape of blockchainand some tools used.
We also take a deep dive on how privacy can be compromised and used by adversaries or government agencies to monitor and identify user activity. Dark net markets have been one of the most notorious uses of cryptocurrencies, and this course section also provides information on how these markets differ from the normal Internet and why they are used for illegal purposes. We also examine privacy crypto like Monero, as well as the regulations enforced by agencies to prevent criminal activity.
Exercises
Lab 5.1: Crash a Cross-Chain Bridge
Lab 5.2: Detect a Front-Running Attack
Lab 5.3: Verify a Smart Contract with Tenderly
Lab 5.4: Monitor a Wallet for Malicious Activity Using Forta
Lab 5.5 Install a Crypto-Miner Malware Agent
Lab 5.6: Use OSINT to Discover Hidden Bitcoin Funds
Topics
Cross-chain
- What is Cross-chain?
- Bridges
- Cross-chain and Bridge Vulnerabilities
- Case Study: ThorChain Vulnerabilities in the BiFrost
- Chain-bridge
Blockchain Threats and Adversary Tactics
- Blockchain Threat Actors
- Case Study: Rug Pull Anatomy
- ATT&CK Matrix for DeFi
- Tornado Cash and Money Laundering
Blue Team for Blockchain
- Incident Response Process Overview and Key Terms
- Tools for Defending DeFi
Attacks on Privacy
- Blockchain-Based Attacks
- Non-Blockchain-Based Attacks
- Defenses for Privacy
Malicious Uses of Blockchain
- Ransomware and Crypto-Lockers
- Case Study: WannaCry Ransomware
- ICO Scams, and Ponzi Schemes
- Case Study: PlusToken
- Crypto-jacking
- Case Study: CoinHive
Regulatory Compliance and Investigation
- The Current Regulatory Environment
- TOR, Monero, and Dark Net Markets
- Case Study: Operation Disruptor
- OSINT and Blockchain Forensics
- Monero

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

MANDATORY SEC554 SYSTEM HARDWARE REQUIREMENTS

CPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent. A x64 bit, 2.0+ GHz or newer processor is mandatory for this class.
CRITICAL: Apple systems using the M1/M2 processor line cannot perform the necessary virtualization functionality and therefore cannot in any way be used for this course.
BIOS settings must be set to enable virtualization technology, such as "Intel-VTx" or "AMD-V" extensions. Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.
8GB of RAM or more is required.
30GB of free storage space or more is required.
At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.
Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.

MANDATORY SEC554 HOST CONFIGURATION AND SOFTWARE REQUIREMENTS

Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
Any filtering of egress traffic may prevent accomplishing the labs in your course. Firewalls should be disabled or you must have the administrative privileges to disable it.
Download and install VMware Workstation Pro 16.2.X+ or VMware Player 16.2.X+ (for Windows 10 hosts), VMware Workstation Pro 17.0.0+ or VMware Player 17.0.0+ (for Windows 11 hosts), or VMWare Fusion Pro 12.2+ or VMware Fusion Player 11.5+ (for macOS hosts) prior to class beginning. If you do not own a licensed copy of VMware Workstation Pro or VMware Fusion Pro, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website. Also note that VMware Workstation Player offers fewer features than VMware Workstation Pro. For those with Windows host systems, Workstation Pro is recommended for a more seamless student experience.
On Windows hosts, VMware products might not coexist with the Hyper-V hypervisor. For the best experience, ensure VMware can boot a virtual machine. This may require disabling Hyper-V. Instructions for disabling Hyper-V, Device Guard, and Credential Guard are contained in the setup documentation that accompanies your course materials.
Download and install 7-Zip (for Windows Hosts) or Keka (for macOS hosts). These tools are also included in your downloaded course materials.

Your course media is delivered via download. The media files for class can be large. Many are in the 40-50GB range, with some over 100GB. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Do not wait until the night before class to start downloading these files.

Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.

Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org

Author Statement

"Blockchain is a revolutionary solution that solves multiple issues inherent in the social, economic, and technological challenges we face today. Decentralization and self-sovereignty are not just concepts, but fundamental ideals that should be made available and accessible for all to benefit from. But those processes need to be carried out responsibly and securely. In order to drive adoption, security must be a priority for all developers, users, or speculators interacting with blockchains or smart contracts. I've always thought the best way to protect something is to learn how to break it." - Steven Walbroehl

Ways to Learn

OnDemand

Cybersecurity learning – at YOUR pace! OnDemand provides unlimited access to your training wherever, whenever. All labs, exercises, and live support from SANS subject matter experts included.

Live Online

The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch.

Who Should Attend SEC554?

Smart contract developers
Blockchain developers
Security engineers, architects, or analysts whose companies are creating blockchain or smart contract applications
Penetration testers interested in expanding their set of skills to newer technologies, and in getting a head start on an emerging new discipline in security
Compliance officers tasked with validating and investigating implementations that involve blockchain or smart contracts
Executives or managers who are starting projects that involve blockchain or smart contracts and need to understand the technology, security issues, and mitigations involved
Employees of government agencies who want to expand their knowledge and skills of blockchain networks
Cryptocurrency users who want to learn how to protect their transactions, investments, and privacy

Reviews

SEC554 provided great foundational knowledge around blockchain security. Anyone interested in learning blockchain security should be able to go through this material and have a solid understand of how Bitcoin works.

Beau Bullock

SEC554 gives an excellent education on the next big technological revolution, taught by the folks on the front lines.

What I had hoped for and more. The course is covering not only the fundamentals, but offense, defense, and forensics.

Mauricio Maranho

Solution Providers Inc

SEC554 gives an excellent education on the next big technological revolution, taught by the folks on the front lines.

Ravi Danesh

BMO Financial Group

Amazing and unique one of a kind course. No other learning experience quite like this one... wish there was more!

Yenny Angzas

BlockOne

Display times in

Africa/Abidjan

Africa/Accra

Africa/Addis Ababa

Africa/Algiers

Africa/Asmara

Africa/Asmera

Africa/Bamako

Africa/Bangui

Africa/Banjul

Africa/Bissau

Africa/Blantyre

Africa/Brazzaville

Africa/Bujumbura

Africa/Cairo

Africa/Casablanca

Africa/Ceuta

Africa/Conakry

Africa/Dakar

Africa/Dar es Salaam

Africa/Djibouti

Africa/Douala

Africa/El Aaiun

Africa/Freetown

Africa/Gaborone

Africa/Harare

Africa/Johannesburg

Africa/Juba

Africa/Kampala

Africa/Khartoum

Africa/Kigali

Africa/Kinshasa

Africa/Lagos

Africa/Libreville

Africa/Lome

Africa/Luanda

Africa/Lubumbashi

Africa/Lusaka

Africa/Malabo

Africa/Maputo

Africa/Maseru

Africa/Mbabane

Africa/Mogadishu

Africa/Monrovia

Africa/Nairobi

Africa/Ndjamena

Africa/Niamey

Africa/Nouakchott

Africa/Ouagadougou

Africa/Porto-Novo

Africa/Sao Tome

Africa/Timbuktu

Africa/Tripoli

Africa/Tunis

Africa/Windhoek

America/Adak

America/Anchorage

America/Anguilla

America/Antigua

America/Araguaina

America/Argentina/Buenos Aires

America/Argentina/Catamarca

America/Argentina/ComodRivadavia

America/Argentina/Cordoba

America/Argentina/Jujuy

America/Argentina/La Rioja

America/Argentina/Mendoza

America/Argentina/Rio Gallegos

America/Argentina/Salta

America/Argentina/San Juan

America/Argentina/San Luis

America/Argentina/Tucuman

America/Argentina/Ushuaia

America/Aruba

America/Asuncion

America/Atikokan

America/Atka

America/Bahia

America/Bahia Banderas

America/Barbados

America/Belem

America/Belize

America/Blanc-Sablon

America/Boa Vista

America/Bogota

America/Boise

America/Buenos Aires

America/Cambridge Bay

America/Campo Grande

America/Cancun

America/Caracas

America/Catamarca

America/Cayenne

America/Cayman

America/Chicago

America/Chihuahua

America/Ciudad Juarez

America/Coral Harbour

America/Cordoba

America/Costa Rica

America/Creston

America/Cuiaba

America/Curacao

America/Danmarkshavn

America/Dawson

America/Dawson Creek

America/Denver

America/Detroit

America/Dominica

America/Edmonton

America/Eirunepe

America/El Salvador

America/Ensenada

America/Fort Nelson

America/Fort Wayne

America/Fortaleza

America/Glace Bay

America/Godthab

America/Goose Bay

America/Grand Turk

America/Grenada

America/Guadeloupe

America/Guatemala

America/Guayaquil

America/Guyana

America/Halifax

America/Havana

America/Hermosillo

America/Indiana/Indianapolis

America/Indiana/Knox

America/Indiana/Marengo

America/Indiana/Petersburg

America/Indiana/Tell City

America/Indiana/Vevay

America/Indiana/Vincennes

America/Indiana/Winamac

America/Indianapolis

America/Inuvik

America/Iqaluit

America/Jamaica

America/Jujuy

America/Juneau

America/Kentucky/Louisville

America/Kentucky/Monticello

America/Knox IN

America/Kralendijk

America/La Paz

America/Lima

America/Los Angeles

America/Louisville

America/Lower Princes

America/Maceio

America/Managua

America/Manaus

America/Marigot

America/Martinique

America/Matamoros

America/Mazatlan

America/Mendoza

America/Menominee

America/Merida

America/Metlakatla

America/Mexico City

America/Miquelon

America/Moncton

America/Monterrey

America/Montevideo

America/Montreal

America/Montserrat

America/Nassau

America/New York

America/Nipigon

America/Nome

America/Noronha

America/North Dakota/Beulah

America/North Dakota/Center

America/North Dakota/New Salem

America/Nuuk

America/Ojinaga

America/Panama

America/Pangnirtung

America/Paramaribo

America/Phoenix

America/Port-au-Prince

America/Port of Spain

America/Porto Acre

America/Porto Velho

America/Puerto Rico

America/Punta Arenas

America/Rainy River

America/Rankin Inlet

America/Recife

America/Regina

America/Resolute

America/Rio Branco

America/Rosario

America/Santa Isabel

America/Santarem

America/Santiago

America/Santo Domingo

America/Sao Paulo

America/Scoresbysund

America/Shiprock

America/Sitka

America/St Barthelemy

America/St Johns

America/St Kitts

America/St Lucia

America/St Thomas

America/St Vincent

America/Swift Current

America/Tegucigalpa

America/Thule

America/Thunder Bay

America/Tijuana

America/Toronto

America/Tortola

America/Vancouver

America/Virgin

America/Whitehorse

America/Winnipeg

America/Yakutat

America/Yellowknife

Antarctica/Casey

Antarctica/Davis

Antarctica/DumontDUrville

Antarctica/Macquarie

Antarctica/Mawson

Antarctica/McMurdo

Antarctica/Palmer

Antarctica/Rothera

Antarctica/South Pole

Antarctica/Syowa

Antarctica/Troll

Antarctica/Vostok

Arctic/Longyearbyen

Asia/Aden

Asia/Almaty

Asia/Amman

Asia/Anadyr

Asia/Aqtau

Asia/Aqtobe

Asia/Ashgabat

Asia/Ashkhabad

Asia/Atyrau

Asia/Baghdad

Asia/Bahrain

Asia/Baku

Asia/Bangkok

Asia/Barnaul

Asia/Beirut

Asia/Bishkek

Asia/Brunei

Asia/Calcutta

Asia/Chita

Asia/Choibalsan

Asia/Chongqing

Asia/Chungking

Asia/Colombo

Asia/Dacca

Asia/Damascus

Asia/Dhaka

Asia/Dili

Asia/Dubai

Asia/Dushanbe

Asia/Famagusta

Asia/Gaza

Asia/Harbin

Asia/Hebron

Asia/Ho Chi Minh

Asia/Hong Kong

Asia/Hovd

Asia/Irkutsk

Asia/Istanbul

Asia/Jakarta

Asia/Jayapura

Asia/Jerusalem

Asia/Kabul

Asia/Kamchatka

Asia/Karachi

Asia/Kashgar

Asia/Kathmandu

Asia/Katmandu

Asia/Khandyga

Asia/Kolkata

Asia/Krasnoyarsk

Asia/Kuala Lumpur

Asia/Kuching

Asia/Kuwait

Asia/Macao

Asia/Macau

Asia/Magadan

Asia/Makassar

Asia/Manila

Asia/Muscat

Asia/Nicosia

Asia/Novokuznetsk

Asia/Novosibirsk

Asia/Omsk

Asia/Oral

Asia/Phnom Penh

Asia/Pontianak

Asia/Pyongyang

Asia/Qatar

Asia/Qostanay

Asia/Qyzylorda

Asia/Rangoon

Asia/Riyadh

Asia/Saigon

Asia/Sakhalin

Asia/Samarkand

Asia/Seoul

Asia/Shanghai

Asia/Singapore

Asia/Srednekolymsk

Asia/Taipei

Asia/Tashkent

Asia/Tbilisi

Asia/Tehran

Asia/Tel Aviv

Asia/Thimbu

Asia/Thimphu

Asia/Tokyo

Asia/Tomsk

Asia/Ujung Pandang

Asia/Ulaanbaatar

Asia/Ulan Bator

Asia/Urumqi

Asia/Ust-Nera

Asia/Vientiane

Asia/Vladivostok

Asia/Yakutsk

Asia/Yangon

Asia/Yekaterinburg

Asia/Yerevan

Atlantic/Azores

Atlantic/Bermuda

Atlantic/Canary

Atlantic/Cape Verde

Atlantic/Faeroe

Atlantic/Faroe

Atlantic/Jan Mayen

Atlantic/Madeira

Atlantic/Reykjavik

Atlantic/South Georgia

Atlantic/St Helena

Atlantic/Stanley

Australia/ACT

Australia/Adelaide

Australia/Brisbane

Australia/Broken Hill

Australia/Canberra

Australia/Currie

Australia/Darwin

Australia/Eucla

Australia/Hobart

Australia/LHI

Australia/Lindeman

Australia/Lord Howe

Australia/Melbourne

Australia/NSW

Australia/North

Australia/Perth

Australia/Queensland

Australia/South

Australia/Sydney

Australia/Tasmania

Australia/Victoria

Australia/West

Australia/Yancowinna

Brazil/Acre

Brazil/DeNoronha

Brazil/East

Brazil/West

CET

CST6CDT

Canada/Atlantic

Canada/Central

Canada/Eastern

Canada/Mountain

Canada/Newfoundland

Canada/Pacific

Canada/Saskatchewan

Canada/Yukon

Chile/Continental

Chile/EasterIsland

Cuba

EET

EST

EST5EDT

Egypt

Eire

Etc/GMT

Etc/GMT+0

Etc/GMT+1

Etc/GMT+10

Etc/GMT+11

Etc/GMT+12

Etc/GMT+2

Etc/GMT+3

Etc/GMT+4

Etc/GMT+5

Etc/GMT+6

Etc/GMT+7

Etc/GMT+8

Etc/GMT+9

Etc/GMT-0

Etc/GMT-1

Etc/GMT-10

Etc/GMT-11

Etc/GMT-12

Etc/GMT-13

Etc/GMT-14

Etc/GMT-2

Etc/GMT-3

Etc/GMT-4

Etc/GMT-5

Etc/GMT-6

Etc/GMT-7

Etc/GMT-8

Etc/GMT-9

Etc/GMT0

Etc/Greenwich

Etc/UCT

Etc/UTC

Etc/Universal

Etc/Zulu

Europe/Amsterdam

Europe/Andorra

Europe/Astrakhan

Europe/Athens

Europe/Belfast

Europe/Belgrade

Europe/Berlin

Europe/Bratislava

Europe/Brussels

Europe/Bucharest

Europe/Budapest

Europe/Busingen

Europe/Chisinau

Europe/Copenhagen

Europe/Dublin

Europe/Gibraltar

Europe/Guernsey

Europe/Helsinki

Europe/Isle of Man

Europe/Istanbul

Europe/Jersey

Europe/Kaliningrad

Europe/Kiev

Europe/Kirov

Europe/Kyiv

Europe/Lisbon

Europe/Ljubljana

Europe/London

Europe/Luxembourg

Europe/Madrid

Europe/Malta

Europe/Mariehamn

Europe/Minsk

Europe/Monaco

Europe/Moscow

Europe/Nicosia

Europe/Oslo

Europe/Paris

Europe/Podgorica

Europe/Prague

Europe/Riga

Europe/Rome

Europe/Samara

Europe/San Marino

Europe/Sarajevo

Europe/Saratov

Europe/Simferopol

Europe/Skopje

Europe/Sofia

Europe/Stockholm

Europe/Tallinn

Europe/Tirane

Europe/Tiraspol

Europe/Ulyanovsk

Europe/Uzhgorod

Europe/Vaduz

Europe/Vatican

Europe/Vienna

Europe/Vilnius

Europe/Volgograd

Europe/Warsaw

Europe/Zagreb

Europe/Zaporozhye

Europe/Zurich

GB-Eire

GMT

GMT+0

GMT-0

GMT0

Greenwich

HST

Hongkong

Iceland

Indian/Antananarivo

Indian/Chagos

Indian/Christmas

Indian/Cocos

Indian/Comoro

Indian/Kerguelen

Indian/Mahe

Indian/Maldives

Indian/Mauritius

Indian/Mayotte

Indian/Reunion

Iran

Israel

Jamaica

Japan

Kwajalein

Libya

MET

MST

MST7MDT

Mexico/BajaNorte

Mexico/BajaSur

Mexico/General

NZ-CHAT

Navajo

PRC

PST8PDT

Pacific/Apia

Pacific/Auckland

Pacific/Bougainville

Pacific/Chatham

Pacific/Chuuk

Pacific/Easter

Pacific/Efate

Pacific/Enderbury

Pacific/Fakaofo

Pacific/Fiji

Pacific/Funafuti

Pacific/Galapagos

Pacific/Gambier

Pacific/Guadalcanal

Pacific/Guam

Pacific/Honolulu

Pacific/Johnston

Pacific/Kanton

Pacific/Kiritimati

Pacific/Kosrae

Pacific/Kwajalein

Pacific/Majuro

Pacific/Marquesas

Pacific/Midway

Pacific/Nauru

Pacific/Niue

Pacific/Norfolk

Pacific/Noumea

Pacific/Pago Pago

Pacific/Palau

Pacific/Pitcairn

Pacific/Pohnpei

Pacific/Ponape

Pacific/Port Moresby

Pacific/Rarotonga

Pacific/Saipan

Pacific/Samoa

Pacific/Tahiti

Pacific/Tarawa

Pacific/Tongatapu

Pacific/Truk

Pacific/Wake

Pacific/Wallis

Pacific/Yap

Poland

Portugal

ROC

ROK

Singapore

Turkey

UCT

US/Alaska

US/Aleutian

US/Arizona

US/Central

US/East-Indiana

US/Eastern

US/Hawaii

US/Indiana-Starke

US/Michigan

US/Mountain

US/Pacific

US/Samoa

UTC

Universal

W-SU

WET

Zulu

Filters:

Register for SEC554

Loading...

All pricing excludes applicable taxes

Free Course Demos

New Cyber Trends & Training in 2023

2023 Security Awareness Report

Security Policy Templates

Join the Community

Our Mission

SEC554: Blockchain and Smart Contract Security

Course Authors:

Steven Walbroehl

What You Will Learn

Syllabus (30 CPEs)

SEC554.1: Blockchain and Smart Contract Fundamentals

Overview

Exercises

Topics

SEC554.2: Smart Contract Hacking - Solidity

Overview

Exercises

Topics

SEC554.3: Smart Contract Hacking - Rust

Overview

Exercises

Topics

SEC554.4: Exploiting DeFi Protocols

Overview

Exercises

Topics

SEC554.5: Cross-Chain, Defense, and Compliance

Overview

Exercises

Topics

Laptop Requirements

Author Statement

Ways to Learn

Who Should Attend SEC554?

Reviews

Filters:

Register for SEC554

Loading...