PEPE investors are at risk of losing their coins following a recent security incident. On-chain security firm Blockaid drew attention to a front-end attack on the meme coin’s website that could potentially drain users’ funds. 

PEPE Investors At Risk With Website Front-End Attack

In an X post, Blockaid stated that its system identified a front-end attack on PEPE’s website. The security firm further revealed that the site contains a code of Inferno Drainer. This malware is known to be used to automatically drain users’ wallets, which puts holders at risk of losing their coins. 

The Inferno Drainer malware is said to redirect visitors on the website to a fake portal, where they risk clicking phishing links that are designed to drain their wallets. As such, the security firm advised investors and community members to avoid the website until the issue is resolved. 

Blockaid’s Threat Intelligence Team also told Cointelegraph that the Inferno Drainer code detected on the website matched a known drainer family they regularly identify. Meanwhile, the team has yet to make a statement on their official X platform regarding the malware. 

Notably, the website on the PEPE X platform redirects to a fake website (pepedotvip) instead of the original site (pepedotcom). The website also promotes a PEPE derivative, which is believed to be a rug coin. The price remained steady amid reports of the hack, climbing as high as 4% yesterday. 

However, the meme coin price has since retraced as part of a broader crypto market correction led by Bitcoin. The third-largest meme coin by market cap is also down over 75% year-to-date (YTD) thanks to the recent crypto market crash. 

The Rise In Inferno Drainer Attacks

The PEPE front-end isn’t the first to fall victim to an Inferno Drainer attack this year. Earlier in the year, Blockaid had identified that CoinMarketCap’s frontend was compromised by what appeared to be an Inferno Drainer. Back then, the CoinMarketCap website displayed a pop-up prompting users to verify their wallets, which ultimately drained their funds. 

The BNB Chain X account was also a victim of this Inferno Drainer in October. The hackers posted links that directed users to websites that employed the Inferno Drainer toolkit. This incident resulted in a total loss of around $8,000 for users, which the BNB Chain promised to reimburse. 

Blockaid last year revealed that the Inferno Drainer group stole $80 million from Web3 users by exploiting older, malicious decentralized applications. This kind of scam is also said to have tripled last year, resulting in significant losses for investors. 

At the time of writing, the meme coin price is trading at around $0.000004697, down over 3% in the last 24 hours, according to data from CoinMarketCap.

Want to know if somebody is lying? It’s always so hard to tell. [dbmaking] has whipped up a fun little polygraph, otherwise known as a lie detector. It’s nowhere near as complex as the ones you’ve seen on TV, but it might be just as good when it comes to finding the truth.

The project keeps things simple by focusing on two major biometric readouts — heart rate and skin conductivity. When it comes to the beating heart, [dbmaking] went hardcore and chose an AD8232 ECG device, rather than relying on the crutch that is pulse oximetry. It picks up heart signals via three leads that are just like those they stick on you in the emergency room. Skin conductivity is measured with a pair of electrodes that attach to the fingers with Velcro straps. The readings from these inputs are measured and then used to determine truth or a lie if their values cross a certain threshold. Presumably, if you’re sweating a lot and your heart is beating like crazy, you’re telling a lie. After all, we know Olympic sprinters never tell the truth immediately after a run.

Does this work as an actual, viable lie detector? No, not really. But that’s not just because this device isn’t sophisticated enough; commercial polygraph systems have been widely discredited anyway. There simply isn’t an easy way to correlate sweating to lying, as much as TV has told us the opposite. Consider it a fun toy or prop to play with, and a great way to learn about working with microcontrollers and biometric sensors.

Rolling two six-sided dice (2d6) gives results from 2 to 12 with a bell curve distribution. Seven being the most common result, two and twelve being the least common. But what if one could do this with a single die?

As part of research Putting Rigid Bodies to Rest, researchers show that a single eleven-sided asymmetric shape can deliver the same results. That is to say, it rolls numbers 2 to 12 in the same distribution as 2d6. It’s actually just one of the oddball dice [Hossein Baktash] and his group designed so if you find yourself intrigued, be sure to check out the 3D models and maybe print your own!

The research behind this is a novel method of figuring out what stable resting states exist for a given rigid body, without resorting to simulations. The method is differentiable, meaning it can be used not just to analyze shapes, but also to design shapes with specific properties.

For example, with a typical three-sided die each die face has an equal chance of coming up. But [Hossein] shows (at 8:05 in the video, embedded below) that it’s possible to design a three-sided die where the faces instead have a 25%-50%-25% distribution.

How well do they perform in practice? [Hossein] has done some physical testing showing results seem to match theory, at least when rolled on a hard surface. But we don’t think anyone has loaded these into an automated dice tester, yet.

The Future of Cyber Resilience The algorithms are hunting us. Not with malicious code, but with something far more insidious. During a recent Black Hat Conference roundtable hosted by Chuck...

The post Innovator Spotlight: 360 Privacy appeared first on Cyber Defense Magazine.

What’s pH? This is a question that usually makes new growers scratch their heads and reach for the pipe. The term pH refers to the level of alkalinity or acidity of a liquid substance. The pH scale starts at 0 and rises to 14. A value of 7.0 is considered neutral, with values over 7.0 being alkaline and values below 7.0 being acidic. The liquid is the nutrient solution being used to grow a healthy cannabis plant.

The nutrient solution is basically a cocktail of various chemicals. These chemicals can react to each other in a process called covalent bonding and form new chemicals that the plant can’t effectively use. This process of covalent bonding is largely dependent on the pH of the solution the chemicals are suspended in, in this case water. With the chemicals being used in the average hydroponic solution, a chemist would say that the optimum pH would be 7.0, which is neutral. In keeping the solution neutral, covalent bonding of the constituent parts of the solution will be kept to a minimum.

However, since cannabis plants like a different pH level for optimum growth, it’s okay to lower the pH and take the slight loss of nutrient value. Fast growing, leafy plants generally like a lower pH in the range of 5.2 to 5.9. Fortunately, a lower pH will bond fewer nutrients than a higher pH will. If the pH value goes beyond the optimum range of 5.2 to 5.9, undesirable levels of nutritional deficiency and toxicity will occur, both of which can seriously impede plant growth. Be vigilant.

In researching the various hydroponic methods in use, most of the growing media like rockwool, pea gravel and sand is relatively inert. That means the growing medium won’t react with the nutrients in the solution. For those methods that use inert media, a pH of 5.2 is recommended for optimal elemental uptake. It is at this pH level that the roots will assimilate the nutrients in the solution most efficiently. If the root has to work less to assimilate the required nutrients, the rest of the plant will benefit.

Measuring and Adjusting pH

Measuring pH is relatively easy and there are quite a few choices in terms of methods. The most inexpensive and low-tech method for measuring just requires purchasing a pH kit and taking a sample from the nutrient solution. After following the directions, use the color chart to determine the pH of the solution.

This low-tech solution poses some obvious limitations, not the least of which is the difficulty in deciding which color is closest if you’ve been into the fruits of your previous harvest. The kits typically sell for $5 to $10.

If the pH isn’t the appropriate level for your plant, knowing what chemical to add to the nutrient solution and when is paramount to success as a grower. When the pH level is alkaline, meaning the pH level is above seven, it can be lowered with saltpeter, sulfuric acid or phosphorous.  When the pH value is too low, it can be raised with calcium carbonate, lime or potash. Most fertilizers cause a pH change in the nutrient solution. Adding fertilizer to the nutrient solution almost always results in a more acidic pH, so adjust accordingly.

Proper Handling

Handling all of these chemicals safely is important. As a general rule, never use metal. Instead opt for glass or plastic or the nutrients will react with the elements in the metal and mess up the nutrient ratios. Never add the acid to the vat of nutrient. Fill a small glass container with the nutrient to be balanced and add a few drops of the necessary chemical. Stir it in well and add small amounts at a time to the large vat of nutrient until the proper pH balance is achieved.

As time goes on, the amount of salts produced by the breakdown of fertilizers in the medium causes it to become increasingly acidic. Eventually, the concentration of these salts in the medium will stunt the plant and cause browning out of the foliage. As the plant gets older, its roots become less effective in bringing food to the leaves. To avoid the accumulation of these salts in the medium and to ensure that the plant is getting all of the food it needs, be sure to flush the system with clean, pH-balanced water every couple of weeks. Do this in lieu of that cycle’s feeding.

There’s always been a big debate over when to adjust your pH – before and after you add nutrients to the water, or just after. The truth is, growers can do both. The reasoning for doing both is that water is rarely dead on neutral. It’s either acidic or alkaline, depending on the region. Render the water neutral first by bringing it to a pH of 7.0. Then add the nutrients to that chemically-neutral solution and adjust to the desired range within 5.2 to 5.9 pH.

Because there are so many factors that go into the delicate art of cultivating cannabis, learning how to properly measure and adjust the pH balance on nutrient solutions will have a clear effect on the appearance, potency and health of cannabis plants. Practicing and perfecting this step will be what makes a grower’s crop stand out from the crowd.

TELL US, have you taken pH into consideration when growing cannabis plants?

The post What’s pH? Understanding and Measuring pH in Your Grow Room appeared first on Cannabis Now.

                                                
    ════════════════════════════════════╦═══    
     ╔═╦═╗ ╔═╗ ╔═╗ ╔═╗ ╔═╦═╗ ╔═╗ ╔══╔═╗ ╠═╗     
    ═╩ ╩ ╩═╚═╝═╩ ╩═╚═╝═╩ ╩ ╩═╚═╝═╩  ╠═╝═╩ ╩═    
    ════════════════════════════════╩═══════    
                                  By Retr0id    
                                                
    ═══ MD5-Monomorphic Shellcode Packer ═   ══    
                                                
                                                
USAGE: python3 monomorph.py input_file output_file [payload_file]

What does it do?

It packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401

Currently, only Linux x86-64 is supported. It would be trivial to port this technique to other platforms, although each version would end up with a different MD5. It would also be possible to use a multi-platform polyglot file like APE.

Example usage:

$ python3 monomorph.py bin/monomorph.linux.x86-64.benign bin/monomorph.linux.x86-64.meterpreter sample_payloads/bin/linux.x64.meterpreter.bind_tcp.bin

Why?

People have previously used single collisions to toggle a binary between "good" and "evil" modes. Monomorph takes this concept to the next level.

Some people still insist on using MD5 to reference file samples, for various reasons that don't make sense to me. If any of these people end up investigating code packed using Monomorph, they're going to get very confused.

How does it work?

For every bit we want to encode, a colliding MD5 block has been pre-calculated using FastColl. As summarised here, each collision gives us a pair of blocks that we can swap out without changing the overall MD5 hash. The loader checks which block was chosen at runtime, to decode the bit.

To encode 4KB of data, we need to generate 4*1024*8 collisions (which takes a few hours), taking up 4MB of space in the final file.

To speed this up, I made some small tweaks to FastColl to make it even faster in practice, enabling it to be run in parallel. I'm sure there are smarter ways to parallelise it, but my naive approach is to start N instances simultaneously and wait for the first one to complete, then kill all the others.

Since I've already done the pre-computation, reconfiguring the payload can be done near-instantly. Swapping the state of the pre-computed blocks is done using a technique implemented by Ange Albertini.

Is it detectable?

Yes. It's not very stealthy at all, nor does it try to be. You can detect the collision blocks using detectcoll.

                                                
    ════════════════════════════════════╦═══    
     ╔═╦═╗ ╔═╗ ╔═╗ ╔═╗ ╔═╦═╗ ╔═╗ ╔══╔═╗ ╠═╗     
    ═╩ ╩ ╩═╚═╝═╩ ╩═╚═╝═╩ ╩ ╩═╚═╝═╩  ╠═╝═╩ ╩═    
    ════════════════════════════════╩═══════    
                                  By Retr0id    
                                                
    ═══ MD5-Monomorphic Shellcode Packer ═   ══    
                                                
                                                
USAGE: python3 monomorph.py input_file output_file [payload_file]

What does it do?

It packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401

Currently, only Linux x86-64 is supported. It would be trivial to port this technique to other platforms, although each version would end up with a different MD5. It would also be possible to use a multi-platform polyglot file like APE.

Example usage:

$ python3 monomorph.py bin/monomorph.linux.x86-64.benign bin/monomorph.linux.x86-64.meterpreter sample_payloads/bin/linux.x64.meterpreter.bind_tcp.bin

Why?

People have previously used single collisions to toggle a binary between "good" and "evil" modes. Monomorph takes this concept to the next level.

Some people still insist on using MD5 to reference file samples, for various reasons that don't make sense to me. If any of these people end up investigating code packed using Monomorph, they're going to get very confused.

How does it work?

For every bit we want to encode, a colliding MD5 block has been pre-calculated using FastColl. As summarised here, each collision gives us a pair of blocks that we can swap out without changing the overall MD5 hash. The loader checks which block was chosen at runtime, to decode the bit.

To encode 4KB of data, we need to generate 4*1024*8 collisions (which takes a few hours), taking up 4MB of space in the final file.

To speed this up, I made some small tweaks to FastColl to make it even faster in practice, enabling it to be run in parallel. I'm sure there are smarter ways to parallelise it, but my naive approach is to start N instances simultaneously and wait for the first one to complete, then kill all the others.

Since I've already done the pre-computation, reconfiguring the payload can be done near-instantly. Swapping the state of the pre-computed blocks is done using a technique implemented by Ange Albertini.

Is it detectable?

Yes. It's not very stealthy at all, nor does it try to be. You can detect the collision blocks using detectcoll.