He's an amazing presenter .. and a gem for the community.. great job Stök ❤
@STOKfredrik
Жыл бұрын
I can’t even start to express how much this comment means to me, it haven’t been a easy path, that’s a fact, so thank you for noticing all the hard work and the love I have for our community.
@camelotenglishtuition6394
Жыл бұрын
@STOKfredrik you actually inspired me to move into cyber security ..I always had a love for it but saw it as a hobby .. but your video about hacking a hardened target (I think some sort of http smuggling I can't remember exactly ) really rustled my jimmies and convinced me to push on even though it's difficult. I hope that one day I can buy you a beer 🍺 and say thanks
@Krazy0
Жыл бұрын
Stönks
@lostinspace4417
10 ай бұрын
@@STOKfredrik14:50 "so even though I was like Fuk Yeah! ..confirmed!" You're a legend, sir!
@Leyart86
Жыл бұрын
This is probably one of the best presentation, if not the best, I ever saw, for any content, ever
@STOKfredrik
Жыл бұрын
Mind blown, thanks, seriously thanks!
@XiSparks
Жыл бұрын
I've never been so nervous to go look at logs.....
@STOKfredrik
Жыл бұрын
Mission accomplished, see it as security awareness training :)
@aliasgarkhimani9204
Жыл бұрын
This is hands down one of the best talks I've ever heard. Good job Stök!
@STOKfredrik
Жыл бұрын
Thanks, happy you liked it!
@aliasgarkhimani9204
Жыл бұрын
@@STOKfredrik omg you replied, yay!!
@lansing9r
Жыл бұрын
This is something I highlighted in a comment thread at ISC some years back, I think Johannes wrote a follow-up post about it. Back in the day, ins MS-DOS, you could print an ANSI sequence that would actually redefine what the keys did. So if you pressed space, you'd get "del c:\dos\*" for example ..
@le_david
11 ай бұрын
That is sometimes called "ANSI Bombs", I mentioned it in my talk: kzitem.info/news/bejne/ump3nX-DineemaQ
@FriendlyNeighborhoodNitpicker
11 ай бұрын
I remembered that. It was one of those “coolest thing ever that nobody around you can understand the coolness of” moments, when I discovered that as a teenager playing with the really obscure parts of DOS.
@runejensen3978
6 ай бұрын
nice talk :D Remember that the middle of a dark LAN party with few 100 people playing CS 1.5 or was it CS 1.6 when you sent "net send" you could target all machines locally. Maan those nerds got a suntan when all machines in sync switched focus from their game and was forced into Windows! displaying the net send command :D
@udirt
Жыл бұрын
i was in a AIX troubleshooting class in ~2005 and the trainer warned us about ever, every opening log files for network services without cleansing them first (and not as root, duh). i try to still stick by that, and any security issue in strings/file or ox or regex libs triggers horrible paranoia. regex especially with mod_security being a massive regex target.
@DAngotti22
7 ай бұрын
what a freakin' incredible presentation ~ the timing so poignant and comedic, while never undermining the seriousness of the situation. i'd work with this guy
@myndzi
11 ай бұрын
Fun and interesting talk. I discovered an angle on this many years ago on IRC. UTF-8 sequences can contain certain valid control codes in the 2nd byte and onwards, allowing you to "smuggle" them past sanitization when configuration of things doesn't line up. For example, some users' IRC clients would receive and interpret the byte sequences as UTF-8 but their terminal would honor the control codes. \x9B from the C1 control codes worked as a CSI when I played with it, and can be the second byte of a valid UTF-8 character.
@alexmags
Жыл бұрын
Super fun talk. Very slick! Back i the day you could encode vbScripts (probably because you had secrets in there). Someone made a vbScript decoder. I used to stuff my vbScritps with commented out ASCII DEL characters. After decryption you get an empty file. jättekul!!
@STOKfredrik
Жыл бұрын
Hilarious! Mischief 101
@Vhill7299
11 ай бұрын
Very glad this was put on youtube! I've been telling people about this talk since I walked out of it, and now I can send people the video
@0xQuito
Жыл бұрын
this was truly amazing talk! love stoks work for many years now but he always has a fantastic way of conveying his knowledge so detailed but in a digestible way! thanks you!
@STOKfredrik
Жыл бұрын
Wow that’s amazing to hear, mission accomplished, means a lot 🙏
@oss-gr
Жыл бұрын
Thanks for the amazing shout-out for dgl -- we think he's amazing, too :D
@STOKfredrik
Жыл бұрын
He is! If it wasn’t for dgl my research wouldn’t have evolved into what it is today.
@SimonRousseau1
Жыл бұрын
i teared up laughing at the billion peace signs part. you’re the man! keep pushing, love from Canada
@bitegoatie
Жыл бұрын
Well done. This talk could use a followup with more nuts-and-bolts detail. I got heavily into all this over twenty years ago because of the explosion of abuse/attacks taking place back then, with a lot of it including or relying upon ANSI escape codes in multiple formats. It wasn't just terminals getting owned and logs getting edited, overwritten, and otherwise abused - it was full-spectrum abuse in browsers, apps, whatever. The issues with ANSI/Unicode abuse are not at all limited to escape sequences. It gets, of course, much worse. But the escape sequences in terminals (or relying on terminals) can do an enormous amount and there is readily available documentation on the general proper usage of these codes. And there are also documented accounts of past abuses, as this video discusses. So this subject captures a core set of built-in abuse vectors that to back to the dawn of computing. This core gets to the core of a big part of why computer networks remain fundamentally indefensible: American-institution stewardship of of computing standards, where those institutions trace back to secrecy-obsessed, transparency-averse, Cold-War agencies tasked with what we euphemistically call intelligence and defense. That last bit (which I include just to emphasize the importance of the topic, taken in general terms) gets too far ahead, however, of what I have in mind. What people could use now, it seems - smart or otherwise - would be a detail-focused companion presentation to this brilliant, decades-spanning introduction by Stök.
@xnl-h4ck3r
11 ай бұрын
Only just got chance to watch this now. Great work Stök , and it was great to hear you talking again. I know it was a 40 minute talk, but I can't imagine the amount of hard work and time that went into that 🤘
@mario196705
10 ай бұрын
nice talk.. i dont knowe so much about ANSI security but did get a lot wiser. thank you very much 4 all time you put in. so easy when you explain it.
@teletele9320
10 ай бұрын
25 years ago a friend of mine and me implemented a BBS/Chat-Server in plain Java (Java1.2 on linux it was) to replace an existing old c implementation variant which was not maintainable anymore as uni-project. it never got live as the admins of the existing missed features and we did want to code further (after one and a half year extensive daily coding)without going live. we got our uni credits and we learned so much during that time we played a lot with ESC sequences, cursors tabs backspace/delete full color mode and stuff, all stuff which was not possible or mediocre in the c implementation. we did a serverside ncurses like gui builder and and and. and we made it optional to write colored logs Critical in bold red, Medium in yellow and status messages were green with esc sequences all full bells and whistles... at that time until your talk i saw yesterday, i never thought of abusing them for any evil stuff... man we were so naiv and good meaning :D thx for the great talk and bringing back a lot of great memories
@itsamemarkus
11 ай бұрын
This was such an entertaining presentation. Had a good time watching it. Very well done.
@STOKfredrik
11 ай бұрын
Thanks! Happy you liked it!
@evildojo666
Жыл бұрын
Jesus Christ Stok you guys have changed the game entirely, way to go!
@STOKfredrik
Жыл бұрын
Good times, but I’m standing on the shoulders of giants, just viewing it in another perspective with a malicious mindset.
@3.saar.a
Жыл бұрын
7:21 fun fact, there is an xterm OSC escape sequence reserved for emacs shell
@hectorvivis3651
Жыл бұрын
Such an entertaining talk, with great implications. Great job!
@STOKfredrik
Жыл бұрын
Thanks 🙏
@thewholeworldblurred
8 ай бұрын
This guy and his videos got me into infosec. So glad to see my boy at DefCon!
@dmacpher
Жыл бұрын
This guy is super compelling! Really fun presentation
@STOKfredrik
Жыл бұрын
Thanks, happy you liked it !
@SleepyMagii
2 ай бұрын
Yoo Stök!! Youre amazing, one of the best !
@DJChadHardcastle
11 ай бұрын
Loved this! Stök always impresses!
@oussamamessabih6258
Жыл бұрын
nice to see stok presenting in defcon 🔥
@chsovi7164
10 ай бұрын
my immediate thought after hearing about changing colours and needing to end the colour change with another escape sequence was that you could make all text the same colour as the terminal background. or maybe just some of the text
@user-jb8yv
Жыл бұрын
really great stuff man! i love the ideas building on ideas with comedy, awesome!
@STOKfredrik
Жыл бұрын
It’s a fine balance and a graceful dance to mix deep tech with comedy to entertain the neurodiverse mind.
@1337bitcoin
Жыл бұрын
Great talk!
@SK8Jensen
11 ай бұрын
Great talk! Keep up the good work!
@SERGEX42069
Жыл бұрын
We all need more attitudes like Stök on our teams.
@STOKfredrik
Жыл бұрын
❤✌️
@dguglielmo
11 ай бұрын
What a legend. Wish I had a brain that worked like this. Also what a killer presentation!
@Mercurio-Morat-Goes-Bughunting
11 ай бұрын
11:00 "Is this even a security issue?" This is the long, long shadow of Master Mode and "Old = New(new)" is absolutely spot on, in this case. History repeats not because people don't know history but because they do.
@jfbeam
10 ай бұрын
Yes and No. This is just another view of failing to follow best practices. Too many things will use user input without validation or sanity. For example, whatever you type in at the login prompt will blindly be logged by "login" -- "Unknown user: [unsanitized user input]" If you ever allow that log message to be sent to any terminal without any filtering, you have a _potential_ problem. It's been the same _potential_ problem since escape sequences were invented. We've only made them *worse* over the years.
@Mercurio-Morat-Goes-Bughunting
10 ай бұрын
@@jfbeam any programmer who fails to filter any data field in their software isn't competent to work in the industry.
@jfbeam
10 ай бұрын
@@Mercurio-Morat-Goes-Bughunting I can't disagree. Most programmers *shouldn't be.*
@FriendlyNeighborhoodNitpicker
11 ай бұрын
Never heard of him, but he is quite a fun presenter. And I will never work with log files the same way again. I knew about these back in the day, and also what you could do with them on terminals because I use a lot of ncurses stuff,, but I never really thought of the impact they could have through injection.
@huangnova
5 ай бұрын
Woohoo!!!! STOK great talk man!
@albaragone2632
7 ай бұрын
Great presentation, you are a fun crazy man! Kind regards. Mrs. Ragone
@ZebaBaloch-d4l
10 ай бұрын
That's pure gold Hay stock I know u are going through a lot mantlly I really hope u ll get well soon And u come back soon May the karma be with u
@SamKnowlesNothing
5 сағат бұрын
Is this the guy behind all the stickers I used to see with that moniker? If so that’s super cool…
@Drew-my5sd
2 ай бұрын
The best professor
@joshw1356
17 күн бұрын
The smartest Dudeson
@IIIIIIIIIIIllllllIIIIIIIIIII
Жыл бұрын
Thanks for the talk, very passionate :)
@STOKfredrik
Жыл бұрын
You are welcome!
@tiagotiagot
11 ай бұрын
Wow, he got video and audio to work live first try!
@robertbruce7686
10 ай бұрын
Woke me up... 😂. Excellent presentation and wired dude. 👍👍
@freem4nn129
6 ай бұрын
nice ! best energy ever
@squid13579
11 ай бұрын
Thor After Love and Thunder. 🔥
@redonkk
Жыл бұрын
This guy had me in the first 60 seconds
@jekyllpark5570
10 ай бұрын
8:00 Since editors nowadays (and their syntax highlighting) don't really like brackets that aren't closed, I tend to use "\033\133" instead of "\e[".
@nonickch
11 ай бұрын
Hey, it's 98 again. I remember my takeaway from back then was to use less instead of more
@SolidIncMedia
11 ай бұрын
Wow, I didn't know Macaulay Culkin was big into ANSI escape sequences!
@gcl2783
Жыл бұрын
Balls. I even use this in my bashrc # Function to set the title of the window function retitle(){ echo -ne "\033]2;$1\007" } # Export to allow scripts to retitle the window they're run in. export -f retitle
@STOKfredrik
Жыл бұрын
Haha rip ❤️🪦
@ColtonBrummell
Жыл бұрын
This dude is awesome.
@STOKfredrik
Жыл бұрын
Thanks
@prescientdove
Жыл бұрын
ansi escape codes turing complete? :)
@STOKfredrik
Жыл бұрын
Don’t fully understand, but it’s a very interesting area and things definitely are happing in this space,
@0x0d4y
Жыл бұрын
Amazing talk!!
@STOKfredrik
Жыл бұрын
Thanks, happy you liked it
@kuliserper
11 ай бұрын
Thats cooooolll!!!!
@lancemarchetti8673
Жыл бұрын
I majorly use ANSI mode when editing images in Notepad++ it just makes it more visually enjoyable to work with. Opening up jpg, png or avif code can look pretty crazy in utf-8 xthis xthat...lol😂
@ThePredator315000
10 ай бұрын
the G.O.A.T
@Luftbubblan
10 ай бұрын
Snyggt jobbat
@ConanDuke
4 ай бұрын
His accent makes it impossible. I'll read the transcript, Thor.
@cybrshdw5465
10 ай бұрын
I had a friend back in the early to mid 1990's tell another friend of mine he put an ansi bomb into a video memory of a BBS me and him had a good laugh but my other friend ended up called the bbs provider and tell them that he had done this and they ended up shutting down the POP dial IN number for a week
@MrRoboticBrain
9 ай бұрын
This talk makes me scared of using cat! Every once in a while i open a binary log/file with cat accidentally and the terminal rightfully barfs at me for doing it. But i never imagined rouge escape sequences could actually cause that much damage when abused by an attacker! yikes!
@kuraz
11 ай бұрын
6:52 did that apostrophe get injected there via a rogue ANSI escape sequence?
@mateo__2023
Жыл бұрын
amazing wow 👏👏👏👏
@STOKfredrik
Жыл бұрын
❤🙏✌️
@sjoervanderploeg4340
11 ай бұрын
You know what I hate? When I ask for logs and get EDITED logs, because people think they can read logs themselves... they can not.
4:45 this is gonna be good. what about all that alexa stuff with this. sounds dangerous edit:sp
@filamentofbulb
11 ай бұрын
Soo cool
@nayuku4147
8 ай бұрын
is polyglot from 25:22 public somewhere to download?
@Tonu
Жыл бұрын
Too much bells and whistles
@STOKfredrik
Жыл бұрын
Ding!
@moneyluser5711
Жыл бұрын
All your log are belong to us
@STOKfredrik
Жыл бұрын
Indeed
@ShahabSheikhzadeh
Жыл бұрын
Talk doesn't start till ~6:45. Be warned, obscene amount of memes, GIFs, and such. Also, what's old is new again. I guess showiness, having a brand and tons of followers is what gets you the ability to present talks.
@STOKfredrik
Жыл бұрын
Well yes and no, you still have to pass a peer review and provide either new research or as in this case, a fresh look at something old. having a personal brand and showmanship definitely helps, adding comedy and a fast paced visual flow keeps the audience attention. And yes you are right, my presentation style isn’t for everyone, and that’s ok, But thanks for taking your time to comment and leave feedback, appreciate it.
@ShahabSheikhzadeh
Жыл бұрын
@@STOKfredrik I think the only thing I'd add in the future would be a bit more history on the on the ANSI escape sequences. I think that would be helpful for newer generations to understand some of that. The context you added about what each terminal prefers is fantastic, I feel like in general that's glossed over/obscure. Also, your timing is fantastic considering the quantity of slides you presented. :)
@mariarahelvarnhagen2729
Жыл бұрын
Playing Discworld
@Btc_bott
10 ай бұрын
If you put it at .75 playback speed its a lot better
@blazedank100
11 ай бұрын
Couple years back I tried to reach out to bro to collab on some bounties and he jus ignored me lol
@mirozbiro
4 ай бұрын
what is a real content?
@kahunablinginz6838
11 ай бұрын
I'm disappointed how the audience was silent when he said you could print stuff .. hahaha the audience must not be programmers 🤣🤣🤣
@urban5950
11 ай бұрын
STÖK i decrypt your msg at 2:20 on that alaram clock
@STOKfredrik
11 ай бұрын
😂💪
@Tuckerslam
Жыл бұрын
This pseudohuman thing is a great demonstration of why drugs are bad for you.
Пікірлер: 120