http://0.0.0.0:4000/ A minimal, responsive and feature-rich Jekyll theme for technical writing. 2025-03-20T00:59:08-04:00 LCFR http://0.0.0.0:4000/ Jekyll © 2025 LCFR /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2022-12-24T19:28:22-05:00 2022-12-24T19:28:22-05:00 http://0.0.0.0:4000/posts/ens-namewrapper-bounty/ LCFR

Quick Links About ENS and ENS Subdomains About the NameWrapper Finding the bug Proof of Concept Patch Reward About ENS and ENS Subdomains Currently Ethereum Name Service or just ENS for short is an ERC721 NFT collection. A user can mint a token that represents something similar to a domain or username where as its a memorable representation of a users wallet address such as a word, phrase, pat...

2022-05-18T20:28:22-04:00 2022-05-18T20:28:22-04:00 http://0.0.0.0:4000/posts/rescue-ens-names/ LCFR

Recently we had a client message our support channel asking about strange transactions. Shortly after we determined the users wallet had been compromised and a drainer/sweeper script attached to the address. Understandably the user was quite frantic but patient and allowed us to come up with a plan to try and help rescue his ENS names. The “drainer” problem: Generally when a wallet is compr...

2022-05-01T20:28:22-04:00 2022-05-01T20:28:22-04:00 http://0.0.0.0:4000/posts/duplicate-ens-names/ LCFR

Quick Links About ENS: Decentralized Domain Name System ENS Registration & Metadata explained ENS Subgraph Service ENS Metadata Service ZWJ, ZWNJ, ZWSP ? Null-bytes & String termination Idea Results The Patche(s) Revisited 12/2022 Reward About ENS: Decentralized Domain Name System ENS (Ethereum Name Service) is a decentralized domain name system built on Ethereum. Its goal is to mak...

2021-06-06T20:28:22-04:00 2021-06-06T20:28:22-04:00 http://0.0.0.0:4000/posts/local-ssh-2fa-bypass/ LCFR

Quick Links What is SSH session injection Brief overview of SSH session creation code Good hackers read documentation Abusing SSH multiplexing Detection EOF What is SSH session injection? Mostly personal notes after revisiting the subject recently while reminiscing on past hacking techniques. In the past SSH session injection allowed an attacker to inject code into a target users ssh client ...