A few of the talks I am looking forward to at #Defcon 31 this weekend:
* "Terminally Owned": https://forum.defcon.org/node/245741
* "Fantastic Ethertypes and Where to Find Them": https://forum.defcon.org/node/245756
* "A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE": https://forum.defcon.org/node/245713
* "Mass Owning of Seedboxes - A Live Hacking Exhibition": https://forum.defcon.org/node/245760
if anyone had told 18-yo me that I would be traveling to the same city at the same time for the next 20+ years...
This walkthrough of reverse engineering and then exploiting a RIGOL scope by @krive@fosstodon.org is beautiful, thanks for sharing! https://tortel.li/post/insecure-scope/
Introducing jswzl: In-depth JavaScript analysis for web security testers https://www.jswzl.io/post/introducing-jswzl-in-depth-js-analysis-for-web-security-testers
Congratulations on the launch Charlie Eriksen!
>We used a Google Ads pre-registration campaign to get installs for our app. We paid for 16,171 conversions. We only received 1,371 installs.
Not a great outcome:
https://andreaskambanis.com/google-play-store-pre-registration-campaigns/
A neat information leak in browsers that support mDNS-based hostname resolution. The demo brute forces common names + device prefixes/suffixes, but this can be abused for a dozen other things (do you have a specific IoT device on your network? do you use Meraki? etc):
https://fingerprint.com/blog/apple-macos-mdns-brute-force/
A great analysis of resident key challenges with UAF: https://fy.blackhats.net.au/blog/2023-02-02-how-hype-will-turn-your-security-key-into-junk/
PSA: If you are using AWS Aurora PostgreSQL 15.2 on aarch64 (r6g, etc) your servers may randomly abort with `PANIC: queueing for lock while waiting on another one`: https://github.com/postgres/postgres/blob/f4c00d138f6dea4c9d8af8ec280b7edc9b0a29e1/src/backend/storage/lmgr/lwlock.c#L1074
Google Domains is shutting down after selling the business to Squarespace... any great registrar recommendations? https://9to5google.com/2023/06/15/google-domains-squarespace/
Congrats to the Gandi investors on their sale. Thanks for posting such a comprehensive list of price increases too! https://www.gandi.net/static/documents/2023-july-usd-renew-price-increase.pdf