DEF CON 32 - Why are you still using my server for your internet access - Thomas Boejstrup Johansen

17,576 views

DEFCONConference

1 day ago

Pwning countries at the top-level-domain level by buying just one specific domain name, 'wpad.tld'. Come hear about this more than 25-year-old issue and the research from running eight different wpad.tld domains for more than one year, which turned into more than 1 billion DNS requests and more than 600 GB of Apache log data with information leaked from the clients.
This is the story of how easy it is to buy just one domain, after which many hundreds of thousands of Internet clients get auto-pwned without knowing it and start sending traffic to this man-in-the-middle setup that bypasses encryption and can change content, with the ability to get the clients to download harmful content and execute it.
The talk will explain the technical background of this issue and showcase why and how clients are tricked into this man-in-the-middle trap.

Comments: 46
@Jergling 3 days ago
The web is a nightmare of 40 years of band-aids holding together spaghetti. My god, this is bleak.
@stansteez 3 days ago
It's a miracle that it works at all :)
@quantumbacon 2 days ago
So that's why it's called TCP.
@RonaldChmara 1 day ago
40 years ago it was band-aids holding together spaghetti from 40+ years before *then*.... that's all it's ever been, or will be, and yet we still manage to do amazing things.
@ZedaZ80 4 days ago
This is pretty funny, great work! It's wild this still works
@ZedaZ80 4 days ago
Buddy, I cackled out loud about the crowd strike thing. A true hero!
@MiddlePath007 3 days ago
He got me a few good times
@mibdev 3 days ago
Completely unrelated, but I was watching this with my SO beside me, and then they went "He sounds Danish", then four more seconds pass and there's a domain ending in ".dk". It's funny how you can just hear these things! :)
@RedSntDK 2 days ago
To be fair, he has a quite thick accent and also uses "eller" several times. And the way he pronounces "data" is exactly like Danes do.
@7rich79 3 days ago
Great talk. I was in too much of a good mood with my weekend starting. Fixed.
@yescats3327 4 days ago
If you are using the VeinMaster IoT 5GHz wifi butt plug, you have to twist the sac counter clockwise to access the proxy settings. You're welcome.
@gordslater 2 days ago
I tried this but it just buzzes "404 not found" in Morse code. Is there a root shell? Because there's always a root shell...
@RedSntDK 2 days ago
As a Dane it's hilarious how many times he uses "eller" instead of "or". Cute. 13:32 "Eller hvad hedder det.." 😅
@pete3897 3 days ago
I gotta get me some of that Yavascript for my Veepad :)
@rabidpb 3 days ago
He implies in a few places that his proxy can intercept HTTPS traffic, which is not the case. There's a lot of useful data in the plaintext though.
@FuckYoutubeCensorshipCunts 3 days ago
Anyone can intercept HTTPS traffic. Whether or not they can decrypt it is another question
@seansingh4421 3 days ago
It could be done if someone has access to certain TLS’s private pki information. Then there’s nothing stopping someone.
@alfonzo7822 2 days ago
I'm guessing he's just used to saying Https instead of http.. just a little brain blip
@cmusgrave 2 days ago
I think he's redirecting https to a http connection
@rabidpb 2 days ago
@cmusgrave only works if he can offer a trusted cert matching the request URL (in which case bigger things are broken)
@storm4246 4 days ago
Great talk!
@ehsnils 3 days ago
The ad-proxy thing could be that some ISPs are trying to inject their own ads into the web page.
@alfonzo7822 2 days ago
Definitely!
@missingsig 4 days ago
we are so screwed. since the City of Worms.. and beyond
@godnah 2 days ago
He speaks out of one side of his mouth. That's red team activity through and through.
@Jorn-sy6ho 2 days ago
Very academic this approach! When will we see Hacking as a dedicated academic field?
@realdavidpain 2 days ago
It is my friend, it is...
@MrMatthijsr 2 days ago
It already is? There are dedicated conferences and journals focused on cyber security..
@Jorn-sy6ho 2 days ago
@MrMatthijsr cool! I probably had a very specific idea in my head ;)
@andrewdunbar828 2 days ago
I was having a smaller Yaver script but the technical behind it was very technique.
@bonsairobo 2 days ago
GET THIS ERROR MESSAGE WHEN TRYING TO USE NETBANK
@gijsyo 17 hours ago
Haha this guy. Great and sad at the same time.
@howwitty 2 days ago
38:45
@NinaMcmunn 5 days ago
I thought the audio would be better at a computer nerd convention
@Algoinde 5 days ago
Sadly audio is provided by the venue. Or so I've heard. And the venue audio is usually the worst and the most rundown thing you can have. I'm a bit surprised defcon doesn't just run their own audio at the venue... could be achieved by using digital runs and one flight case worth of stuff nowadays.
@zwapz 4 days ago
Nerds type, radio dj's talk. ;)
@NinaMcmunn 4 days ago
@zwapz this is a talk 👀
@NinaMcmunn 4 days ago
@Algoinde that makes a lot of sense, if they streamed the event the issues would probably solve themselves with the stream implementation and would actually be worthwhile to do.
@smartyhall 4 days ago
Unfortunately, A/V nerds and security nerds are rarely the same. What makes it more painful for someone like myself who is into both is the fact that most of the A/V problems they have could be solved by the audio equivalent of a couple of Raspberry Pis and a bit of creative thinking for almost nothing in either monetary or time investment. (I speak as someone who has decades of experience with the cheapest of clients - charities and churches.)