Since October of last year (2021), when Facebook changed the name of its parent company to Meta, we have heard the words Meta and Metaverse a lot. For the first time, this talk reviews all the vulnerabilities that threaten users and infrastructure owners at different layers. In general, the Metaverse is a full-scale digital life experience. This talk will cover all possible attack vectors that threaten Metaverse infrastructure as well as users. I will start with vulnerabilities in the common layers, such as specific flaws in libraries, basic classes and so on. Then I'll go one step further to the component layer, which I think is very interesting, because we will take a deep dive into the P2P network, database, and transaction verification module. The "Model Layer" will be the next stop in the session, to demonstrate potential vulnerabilities in Ledger and Account, which are the two main modules in this layer. In addition, in the "Service Layer", the HTTP/query/subscription services will be under attack; these are a major part of the Metaverse architecture, as they connect blockchain core node servers to the human-machine interface using APIs, JSON-RPC and WebSocket. The final section will be dedicated to endpoint clients, covering browser-based attacks and sophisticated attacks on mobile clients.

About the speaker

Ali Abdollahi is an Infosec engineer at Picnic Technologies B.V. and a researcher with a decade of experience working in a variety of fields. He was a trainer at OWASP summer of security 2020, 2021 July training and a reviewer for the Springer Cluster Computing Journal as well as the 2021 Global AppSec US event. In addition, he was a speaker or trainer at IEEE AI-ML-Workshop-2021, SSD TyphoonCon, c0c0n2019, BSides Toronto, Budapest, Calgary, Newcastle, Barcelona, OWASP Ottawa chapter, Defcon RedTeam, AppSec and Aerospace villages, Confidence Conf2020, NoNameCon20, YASCon2020, COUNTERMEASURE Conference, DragonCon