In-Person Event: Lost in the Metaverse NFT CTF

Speaker: Jonathan Marcil, Challenge Designer, NorthSec CTF

Topic: Lost in the Metaverse; NFT CTF

Schedule:
6:00pm - 6:30pm Networking, Food & Drink
6:30pm - 6:35pm Welcome and Introduction
6:35pm - 7:35pm Presentation
7:35~pm - Raffle

Vendors interested in sponsoring send an email to [orange-county-leaders@owasp.org](mailto:orange-county-leaders@owasp.org)

!!!!!!!!!!
* NOTE: BRING YOUR LAPTOP TO PARTICIPATE IN THIS STEP-BY-STEP FOLLOW-ALONG CTF CHALLENGE
!!!!!!!!!!

### Abstract

Overview of NFT related tools and platforms alongside a step by step guide on how to steal an NFT.

In this presentation we will go over a Capture The Flag challenge from NorthSec CTF Warmup 2022. We'll cover from a high point of view what constitutes an NFT, and we'll look at some tools/websites to manipulate them at the blockchain level.

We'll leave some time for participants to setup the Metamask wallet with the Rinkeby test network. If you want to pre-prepare go to https://metamask.io/ and setup the browser plugin in a isolated browser profile.

We'll end on a step by step guide on how to steal the NFT that you can follow along and just watch. While stealing the NFT is actually easier than understanding how to steal, we'll also look at the hints that lead to the "exploitation" path.

Speaker Bio

Jonathan is a board member of the OWASP Orange County chapter. Originally from Montreal, he is part of NorthSec CTF as a challenge designer. He is passionate about Application Security and enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering from ETS Montreal and has more than 18 years of experience in Information Technology and Security.

### Code of Conduct

We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:
https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy

### Sponsorship

Vendors who are interested in sponsoring OWASP OC monthly meetings, please send an email to orange-county-leaders@owasp.org

IOActive has donated two Amazon $50 gift cards to be raffled off at the end of the meeting (must be present to win). IOActive approaches security from the attacker’s mindset. Whether infiltrating software, hardware, networks or human resources, our consultants uncover the weaknesses in your operations.