He's an amazing presenter .. and a gem for the community.. great job Stök ❤

I've never been so nervous to go look at logs.....

This is probably one of the best presentation, if not the best, I ever saw, for any content, ever

This is hands down one of the best talks I've ever heard. Good job Stök!

This is something I highlighted in a comment thread at ISC some years back, I think Johannes wrote a follow-up post about it. Back in the day, ins MS-DOS, you could print an ANSI sequence that would actually redefine what the keys did. So if you pressed space, you'd get "del c:\dos\*" for example ..

i was in a AIX troubleshooting class in ~2005 and the trainer warned us about ever, every opening log files for network services without cleansing them first (and not as root, duh). i try to still stick by that, and any security issue in strings/file or ox or regex libs triggers horrible paranoia. regex especially with mod_security being a massive regex target.

Super fun talk. Very slick! Back i the day you could encode vbScripts (probably because you had secrets in there). Someone made a vbScript decoder. I used to stuff my vbScritps with commented out ASCII DEL characters. After decryption you get an empty file. jättekul!!

what a freakin' incredible presentation ~ the timing so poignant and comedic, while never undermining the seriousness of the situation. i'd work with this guy

Fun and interesting talk. I discovered an angle on this many years ago on IRC. UTF-8 sequences can contain certain valid control codes in the 2nd byte and onwards, allowing you to "smuggle" them past sanitization when configuration of things doesn't line up. For example, some users' IRC clients would receive and interpret the byte sequences as UTF-8 but their terminal would honor the control codes. \x9B from the C1 control codes worked as a CSI when I played with it, and can be the second byte of a valid UTF-8 character.

this was truly amazing talk! love stoks work for many years now but he always has a fantastic way of conveying his knowledge so detailed but in a digestible way! thanks you!

Very glad this was put on youtube! I've been telling people about this talk since I walked out of it, and now I can send people the video

Thanks for the amazing shout-out for dgl -- we think he's amazing, too :D

i teared up laughing at the billion peace signs part. you’re the man! keep pushing, love from Canada

nice talk.. i dont knowe so much about ANSI security but did get a lot wiser. thank you very much 4 all time you put in. so easy when you explain it.

25 years ago a friend of mine and me implemented a BBS/Chat-Server in plain Java (Java1.2 on linux it was) to replace an existing old c implementation variant which was not maintainable anymore as uni-project. it never got live as the admins of the existing missed features and we did want to code further (after one and a half year extensive daily coding)without going live. we got our uni credits and we learned so much during that time we played a lot with ESC sequences, cursors tabs backspace/delete full color mode and stuff, all stuff which was not possible or mediocre in the c implementation. we did a serverside ncurses like gui builder and and and. and we made it optional to write colored logs Critical in bold red, Medium in yellow and status messages were green with esc sequences all full bells and whistles... at that time until your talk i saw yesterday, i never thought of abusing them for any evil stuff... man we were so naiv and good meaning :D thx for the great talk and bringing back a lot of great memories

Well done. This talk could use a followup with more nuts-and-bolts detail. I got heavily into all this over twenty years ago because of the explosion of abuse/attacks taking place back then, with a lot of it including or relying upon ANSI escape codes in multiple formats. It wasn't just terminals getting owned and logs getting edited, overwritten, and otherwise abused - it was full-spectrum abuse in browsers, apps, whatever. The issues with ANSI/Unicode abuse are not at all limited to escape sequences. It gets, of course, much worse. But the escape sequences in terminals (or relying on terminals) can do an enormous amount and there is readily available documentation on the general proper usage of these codes. And there are also documented accounts of past abuses, as this video discusses. So this subject captures a core set of built-in abuse vectors that to back to the dawn of computing. This core gets to the core of a big part of why computer networks remain fundamentally indefensible: American-institution stewardship of of computing standards, where those institutions trace back to secrecy-obsessed, transparency-averse, Cold-War agencies tasked with what we euphemistically call intelligence and defense. That last bit (which I include just to emphasize the importance of the topic, taken in general terms) gets too far ahead, however, of what I have in mind. What people could use now, it seems - smart or otherwise - would be a detail-focused companion presentation to this brilliant, decades-spanning introduction by Stök.

7:21 fun fact, there is an xterm OSC escape sequence reserved for emacs shell

This was such an entertaining presentation. Had a good time watching it. Very well done.

Such an entertaining talk, with great implications. Great job!

Only just got chance to watch this now. Great work Stök , and it was great to hear you talking again. I know it was a 40 minute talk, but I can't imagine the amount of hard work and time that went into that 🤘

This guy is super compelling! Really fun presentation

Jesus Christ Stok you guys have changed the game entirely, way to go!

my immediate thought after hearing about changing colours and needing to end the colour change with another escape sequence was that you could make all text the same colour as the terminal background. or maybe just some of the text

11:00 "Is this even a security issue?" This is the long, long shadow of Master Mode and "Old = New(new)" is absolutely spot on, in this case. History repeats not because people don't know history but because they do.

Great talk!

What a legend. Wish I had a brain that worked like this. Also what a killer presentation!

We all need more attitudes like Stök on our teams.

really great stuff man! i love the ideas building on ideas with comedy, awesome!

Loved this! Stök always impresses!

This guy and his videos got me into infosec. So glad to see my boy at DefCon!

Woohoo!!!! STOK great talk man!

Great talk! Keep up the good work!

Never heard of him, but he is quite a fun presenter. And I will never work with log files the same way again. I knew about these back in the day, and also what you could do with them on terminals because I use a lot of ncurses stuff,, but I never really thought of the impact they could have through injection.

nice to see stok presenting in defcon 🔥

Great presentation, you are a fun crazy man! Kind regards. Mrs. Ragone

Yoo Stök!! Youre amazing, one of the best !

That's pure gold Hay stock I know u are going through a lot mantlly I really hope u ll get well soon And u come back soon May the karma be with u

This guy had me in the first 60 seconds

The best professor

Thanks for the talk, very passionate :)

Woke me up... 😂. Excellent presentation and wired dude. 👍👍

Wow, he got video and audio to work live first try!

nice ! best energy ever

Thor After Love and Thunder. 🔥

Wow, I didn't know Macaulay Culkin was big into ANSI escape sequences!

Hey, it's 98 again. I remember my takeaway from back then was to use less instead of more

Thats cooooolll!!!!

8:00 Since editors nowadays (and their syntax highlighting) don't really like brackets that aren't closed, I tend to use "\033\133" instead of "\e[".

Balls. I even use this in my bashrc # Function to set the title of the window function retitle(){ echo -ne "\033]2;$1\007" } # Export to allow scripts to retitle the window they're run in. export -f retitle

Amazing talk!!

I majorly use ANSI mode when editing images in Notepad++ it just makes it more visually enjoyable to work with. Opening up jpg, png or avif code can look pretty crazy in utf-8 xthis xthat...lol😂

This dude is awesome.

I had a friend back in the early to mid 1990's tell another friend of mine he put an ansi bomb into a video memory of a BBS me and him had a good laugh but my other friend ended up called the bbs provider and tell them that he had done this and they ended up shutting down the POP dial IN number for a week

the G.O.A.T

ansi escape codes turing complete? :)

His accent makes it impossible. I'll read the transcript, Thor.

This talk makes me scared of using cat! Every once in a while i open a binary log/file with cat accidentally and the terminal rightfully barfs at me for doing it. But i never imagined rouge escape sequences could actually cause that much damage when abused by an attacker! yikes!

Snyggt jobbat

amazing wow 👏👏👏👏

You know what I hate? When I ask for logs and get EDITED logs, because people think they can read logs themselves... they can not.

4:45 this is gonna be good. what about all that alexa stuff with this. sounds dangerous edit:sp

6:52 did that apostrophe get injected there via a rogue ANSI escape sequence?

Soo cool

All your log are belong to us

is polyglot from 25:22 public somewhere to download?

Talk doesn't start till ~6:45. Be warned, obscene amount of memes, GIFs, and such. Also, what's old is new again. I guess showiness, having a brand and tons of followers is what gets you the ability to present talks.

If you put it at .75 playback speed its a lot better

Playing Discworld

Too much bells and whistles

Couple years back I tried to reach out to bro to collab on some bounties and he jus ignored me lol

what is a real content?

I'm disappointed how the audience was silent when he said you could print stuff .. hahaha the audience must not be programmers 🤣🤣🤣

STÖK i decrypt your msg at 2:20 on that alaram clock

This pseudohuman thing is a great demonstration of why drugs are bad for you.

Great talk!