Comments:
Never heard of him, but he is quite a fun presenter. And I will never work with log files the same way again. I knew about these back in the day, and also what you could do with them on terminals because I use a lot of ncurses stuff, but I never really thought of the impact they could have through injection.
Hey, it's 98 again.
I remember my takeaway from back then was to use less instead of more
Loved this! Stök always impresses!
Wow, he got video and audio to work live first try!
Fun and interesting talk. I discovered an angle on this many years ago on IRC. UTF-8 sequences can contain certain valid control codes in the 2nd byte and onwards, allowing you to "smuggle" them past sanitization when configuration of things doesn't line up. For example, some users' IRC clients would receive and interpret the byte sequences as UTF-8 but their terminal would honor the control codes. \x9B from the C1 control codes worked as a CSI when I played with it, and can be the second byte of a valid UTF-8 character.
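The client/terminal mismatch described in the comment above is why a log viewer should neutralize control bytes before UTF-8 decoding rather than after. The following is an added illustration, not code from the talk or from any commenter: a naive filter that only strips ESC-introduced sequences, a conservative detector, and a hardened renderer that emits pure ASCII. The sample log lines are constructed.

```python
import re

# 7-bit escape sequences: CSI (ESC [ ... final byte), OSC (ESC ] ... BEL or ESC \),
# and any other ESC followed by one printable byte.
ESC_SEQ = re.compile(rb"\x1b\[[0-?]*[ -/]*[@-~]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b[ -~]")

# 8-bit C1 introducers a terminal may honor directly: DCS 0x90, CSI 0x9B, OSC 0x9D.
C1_INTRODUCERS = {0x90, 0x9B, 0x9D}

def strip_escapes_naive(raw: bytes) -> bytes:
    """Naive filter: removes only ESC-introduced sequences. Bytes 0x80-0x9F are left
    untouched because they may be UTF-8 continuation bytes, so a raw CSI (0x9B)
    riding inside a multi-byte character survives unchanged."""
    return ESC_SEQ.sub(b"", raw)

def flag_c1(raw: bytes) -> bool:
    """Detection: True if the line carries ESC or any 8-bit C1 introducer byte.
    This also flags legitimate characters whose encoding contains such a byte
    (e.g. U+00DB is C3 9B); for untrusted logs that false positive is acceptable."""
    return b"\x1b" in raw or any(b in C1_INTRODUCERS for b in raw)

def render_safe(raw: bytes) -> str:
    """Hardened rendering: printable ASCII and TAB pass through; every other byte
    (C0, ESC, DEL and the whole 0x80-0xFF range) becomes a visible \\xNN escape,
    so the result is pure ASCII and no terminal configuration can act on it."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E or b == 0x09 else f"\\x{b:02x}" for b in raw)

# Constructed sample lines (not real logs): a 7-bit clear-screen sequence, and a
# line where 0x9B is the second byte of the valid UTF-8 character C3 9B (U+00DB).
SAMPLE_7BIT = b"login ok\x1b[2J"
SAMPLE_8BIT = b"user=\xc3\x9b31mALERT"

def demo() -> dict:
    """Run all three functions over the samples; the naive filter leaves SAMPLE_8BIT intact."""
    return {
        "naive_7bit": strip_escapes_naive(SAMPLE_7BIT),
        "naive_8bit": strip_escapes_naive(SAMPLE_8BIT),
        "flag_7bit": flag_c1(SAMPLE_7BIT),
        "flag_8bit": flag_c1(SAMPLE_8BIT),
        "safe_8bit": render_safe(SAMPLE_8BIT),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The trade-off is visible in the output: `render_safe` also escapes legitimate non-ASCII text, which is the price of not trusting the terminal's C1 handling.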
I'm disappointed how the audience was silent when he said you could print stuff
.. hahaha the audience must not be programmers 🤣🤣🤣
I had a friend back in the early to mid 1990s tell another friend of mine he put an ANSI bomb into the video memory of a BBS. Me and him had a good laugh, but my other friend ended up calling the BBS provider and telling them that he had done this, and they ended up shutting down the POP dial-in number for a week.
25 years ago a friend of mine and I implemented a BBS/chat server in plain Java (Java 1.2 on Linux it was) to replace an existing old C implementation which was not maintainable anymore, as a uni project.
It never went live, as the admins of the existing one missed features and we did want to code further (after one and a half years of extensive daily coding) without going live. We got our uni credits and we learned so much during that time.
We played a lot with ESC sequences, cursors, tabs, backspace/delete, full color mode and stuff, all stuff which was not possible or mediocre in the C implementation. We did a server-side ncurses-like GUI builder and so on.
And we made it optional to write colored logs: Critical in bold red, Medium in yellow, and status messages were green, with ESC sequences.
All full bells and whistles...
At that time, until your talk I saw yesterday, I never thought of abusing them for any evil stuff... man, we were so naive and well-meaning :D
Thx for the great talk and bringing back a lot of great memories
That's pure gold
Hey Stök, I know you are going through a lot mentally
I really hope you'll get well soon
And you come back soon
May the karma be with you
the G.O.A.T
My immediate thought after hearing about changing colours and needing to end the colour change with another escape sequence was that you could make all text the same colour as the terminal background. Or maybe just some of the text.
Woke me up... 😂. Excellent presentation and wired dude. 👍👍
Nicely done
If you put it at .75 playback speed it's a lot better
This talk makes me scared of using cat! Every once in a while I open a binary log/file with cat accidentally and the terminal rightfully barfs at me for doing it. But I never imagined rogue escape sequences could actually cause that much damage when abused by an attacker! Yikes!
This guy and his videos got me into infosec. So glad to see my boy at DefCon!
What a freakin' incredible presentation ~ the timing so poignant and comedic, while never undermining the seriousness of the situation. I'd work with this guy
Great presentation, you are a fun crazy man!
Kind regards.
Mrs. Ragone
Nice! Best energy ever
Woohoo!!!! STOK great talk man!
His accent makes it impossible.
I'll read the transcript, Thor.
what is a real content?
Yoo Stök!!
You're amazing, one of the best!
The best professor
Sorry, this guy is a knob. I made it 14 seconds in. He's an embarrassment to a once respected community.
The smartest Dudeson
Is this the guy behind all the stickers I used to see with that moniker? If so that's super cool…
Yet another example of devs who are forced to be clever to keep a job doing stupid and unnecessary things that make no sense and are insecure.
system log = /dev/null
Never seen a man get so excited about a colon.
Excellent talk, and really cool demonstrations.. Got my brain thinking
Back in the dark ages when I began my computer career on VAX/VMS in 19.. I knew nothing of escape sequences, so when I redirected my DCL program to a screen the whole office went berserk: starting and stopping the printer and the plotter, flash sequences on the terminal screens, beeping the terminal. My co-worker just panicked and ran out of the room. I couldn't do anything but stand there laughing my arse off :)
Wow, that's a presentation. Wow... now I can't trust my old log files lol...
Take off the damn shades, you might find the bloody podium.
At the very least I learned that you can advertise to sysadmins via logs, which is fantastic.
Totally on some kind of drugs... :-´)
❤AWESOME❤
Rappers don't kill people, hackers do 😮
He's the coolest guy in the room, in every room
He knows 0 coding
Absolutely wonderful presentation
Awesome info :)