He's an amazing presenter .. and a gem for the community.. great job Stök ❤

what a freakin' incredible presentation ~ the timing so poignant and comedic, while never undermining the seriousness of the situation. i'd work with this guy

This is hands down one of the best talks I've ever heard. Good job Stök!

I've never been so nervous to go look at logs.....

This is probably one of the best presentation, if not the best, I ever saw, for any content, ever

nice talk.. i dont knowe so much about ANSI security but did get a lot wiser. thank you very much 4 all time you put in. so easy when you explain it.

Fun and interesting talk. I discovered an angle on this many years ago on IRC. UTF-8 sequences can contain certain valid control codes in the 2nd byte and onwards, allowing you to "smuggle" them past sanitization when configuration of things doesn't line up. For example, some users' IRC clients would receive and interpret the byte sequences as UTF-8 but their terminal would honor the control codes. \x9B from the C1 control codes worked as a CSI when I played with it, and can be the second byte of a valid UTF-8 character.

i was in a AIX troubleshooting class in ~2005 and the trainer warned us about ever, every opening log files for network services without cleansing them first (and not as root, duh). i try to still stick by that, and any security issue in strings/file or ox or regex libs triggers horrible paranoia. regex especially with mod_security being a massive regex target.

This is something I highlighted in a comment thread at ISC some years back, I think Johannes wrote a follow-up post about it. Back in the day, ins MS-DOS, you could print an ANSI sequence that would actually redefine what the keys did. So if you pressed space, you'd get "del c:\dos\*" for example ..

this was truly amazing talk! love stoks work for many years now but he always has a fantastic way of conveying his knowledge so detailed but in a digestible way! thanks you!

Very glad this was put on youtube! I've been telling people about this talk since I walked out of it, and now I can send people the video

Super fun talk. Very slick! Back i the day you could encode vbScripts (probably because you had secrets in there). Someone made a vbScript decoder. I used to stuff my vbScritps with commented out ASCII DEL characters. After decryption you get an empty file. jättekul!!

i teared up laughing at the billion peace signs part. you’re the man! keep pushing, love from Canada

Thanks for the amazing shout-out for dgl -- we think he's amazing, too :D

00:18:10 it is awesome how the defcon brings an impromptu clap at this prompt. so sweet.

25 years ago a friend of mine and me implemented a BBS/Chat-Server in plain Java (Java1.2 on linux it was) to replace an existing old c implementation variant which was not maintainable anymore as uni-project. it never got live as the admins of the existing missed features and we did want to code further (after one and a half year extensive daily coding)without going live. we got our uni credits and we learned so much during that time we played a lot with ESC sequences, cursors tabs backspace/delete full color mode and stuff, all stuff which was not possible or mediocre in the c implementation. we did a serverside ncurses like gui builder and and and. and we made it optional to write colored logs Critical in bold red, Medium in yellow and status messages were green with esc sequences all full bells and whistles... at that time until your talk i saw yesterday, i never thought of abusing them for any evil stuff... man we were so naiv and good meaning :D thx for the great talk and bringing back a lot of great memories

This guy and his videos got me into infosec. So glad to see my boy at DefCon!

Back in the dark ages when I began my computer career on VAX/VMS in 19.. I knew nothing of escape sequences, so when I redirected my DCL program to a screen - the whole office went berserk - starting and stopping the printer and the plotter, falsh sequences on the terminal screens, beeping the terminal, my co-worker just panicked and ran out the room. I couldn't do anything but stand there laughing my arse off :)

This was such an entertaining presentation. Had a good time watching it. Very well done.

Such an entertaining talk, with great implications. Great job!

Only just got chance to watch this now. Great work Stök , and it was great to hear you talking again. I know it was a 40 minute talk, but I can't imagine the amount of hard work and time that went into that 🤘

This guy is super compelling! Really fun presentation

11:00 "Is this even a security issue?" This is the long, long shadow of Master Mode and "Old = New(new)" is absolutely spot on, in this case. History repeats not because people don't know history but because they do.

Jesus Christ Stok you guys have changed the game entirely, way to go!

really great stuff man! i love the ideas building on ideas with comedy, awesome!

my immediate thought after hearing about changing colours and needing to end the colour change with another escape sequence was that you could make all text the same colour as the terminal background. or maybe just some of the text

What a legend. Wish I had a brain that worked like this. Also what a killer presentation!

Loved this! Stök always impresses!

Excellent talk, and really cool demonstrations.. Got my brain thinking

Well done. This talk could use a followup with more nuts-and-bolts detail. I got heavily into all this over twenty years ago because of the explosion of abuse/attacks taking place back then, with a lot of it including or relying upon ANSI escape codes in multiple formats. It wasn't just terminals getting owned and logs getting edited, overwritten, and otherwise abused - it was full-spectrum abuse in browsers, apps, whatever. The issues with ANSI/Unicode abuse are not at all limited to escape sequences. It gets, of course, much worse. But the escape sequences in terminals (or relying on terminals) can do an enormous amount and there is readily available documentation on the general proper usage of these codes. And there are also documented accounts of past abuses, as this video discusses. So this subject captures a core set of built-in abuse vectors that to back to the dawn of computing. This core gets to the core of a big part of why computer networks remain fundamentally indefensible: American-institution stewardship of of computing standards, where those institutions trace back to secrecy-obsessed, transparency-averse, Cold-War agencies tasked with what we euphemistically call intelligence and defense. That last bit (which I include just to emphasize the importance of the topic, taken in general terms) gets too far ahead, however, of what I have in mind. What people could use now, it seems - smart or otherwise - would be a detail-focused companion presentation to this brilliant, decades-spanning introduction by Stök.

Absolutely wonderful presentation

Never heard of him, but he is quite a fun presenter. And I will never work with log files the same way again. I knew about these back in the day, and also what you could do with them on terminals because I use a lot of ncurses stuff,, but I never really thought of the impact they could have through injection.

Great talk! Keep up the good work!

nice to see stok presenting in defcon 🔥

8:00 Since editors nowadays (and their syntax highlighting) don't really like brackets that aren't closed, I tend to use "\033\133" instead of "\e[".

Great presentation, you are a fun crazy man! Kind regards. Mrs. Ragone

he's the coolest guy in the room in every room

Woohoo!!!! STOK great talk man!

That's pure gold Hay stock I know u are going through a lot mantlly I really hope u ll get well soon And u come back soon May the karma be with u

Never seen a man, get so excited about a colon.

Yoo Stök!! Youre amazing, one of the best !

What is the software he is using in top right corner at 26:08 ? Collaborator?

6:52 did that apostrophe get injected there via a rogue ANSI escape sequence?

Great talk!

We all need more attitudes like Stök on our teams.

Wow, he got video and audio to work live first try!

Thanks for the talk, very passionate :)

Woke me up... 😂. Excellent presentation and wired dude. 👍👍

Is this the guy behind all the stickers I used to see with that moniker? If so that’s super cool…

Wow, that's a presentation Wow... now I can't trust my old log files lol...

Hey, it's 98 again. I remember my takeaway from back then was to use less instead of more

Wow, I didn't know Macaulay Culkin was big into ANSI escape sequences!

The smartest Dudeson

This guy had me in the first 60 seconds

is polyglot from 25:22 public somewhere to download?

I majorly use ANSI mode when editing images in Notepad++ it just makes it more visually enjoyable to work with. Opening up jpg, png or avif code can look pretty crazy in utf-8 xthis xthat...lol😂

The best professor

Balls. I even use this in my bashrc # Function to set the title of the window function retitle(){ echo -ne "\033]2;$1\007" } # Export to allow scripts to retitle the window they're run in. export -f retitle

ansi escape codes turing complete? :)

nice ! best energy ever

Awesome info :)

This dude is awesome.

Amazing talk!!

I had a friend back in the early to mid 1990's tell another friend of mine he put an ansi bomb into a video memory of a BBS me and him had a good laugh but my other friend ended up called the bbs provider and tell them that he had done this and they ended up shutting down the POP dial IN number for a week

Snyggt jobbat

take off the damn shades, you might find the bloody podium.

Thor After Love and Thunder. 🔥

Thats cooooolll!!!!

Talk doesn't start till ~6:45. Be warned, obscene amount of memes, GIFs, and such. Also, what's old is new again. I guess showiness, having a brand and tons of followers is what gets you the ability to present talks.

You know what I hate? When I ask for logs and get EDITED logs, because people think they can read logs themselves... they can not.

the G.O.A.T

This talk makes me scared of using cat! Every once in a while i open a binary log/file with cat accidentally and the terminal rightfully barfs at me for doing it. But i never imagined rouge escape sequences could actually cause that much damage when abused by an attacker! yikes!

❤AWESOME❤

4:45 this is gonna be good. what about all that alexa stuff with this. sounds dangerous edit:sp

amazing wow 👏👏👏👏

Soo cool

Couple years back I tried to reach out to bro to collab on some bounties and he jus ignored me lol

At the very least I learned that you can advertise to sysadmins via logs which is fantastic.

Yet another example of devs who are forced to be clever to keep a job doing stupid and unnecessary things that make no sense and are insecure.

Too much bells and whistles

what is a real content?

Playing Discworld

If you put it at .75 playback speed its a lot better

All your log are belong to us

Totally on some kind of drugs... :-´)

Rappers dont kill people, hackers doo😮

His accent makes it impossible. I'll read the transcript, Thor.

he know 0 coding

I'm disappointed how the audience was silent when he said you could print stuff .. hahaha the audience must not be programmers 🤣🤣🤣

STÖK i decrypt your msg at 2:20 on that alaram clock

system log = /dev/null

This pseudohuman thing is a great demonstration of why drugs are bad for you.

Great talk!