@@fullfungo he was pretending that his entire career (which seemingly consists of understanding 15 nginx config properties) is harder than mopping a floor.
40 years ago it was band-aids holding together spaghetti from 40+ years before *then*.... that's all it's ever been, or will be, and yet we still manage to do amazing things.
This is absolutely mind blowing. And the presentation was top notch. He totally foreplayed us all and when he bought the domain I knew it was gonna be a total show. Just. Amazing.
Completely unrelated, but I was watching this with my SO beside me, and then they went "He sounds danish", then four more seconds pass and there's a domain ending in ".dk". It's funny how you can just hear these things! :)
-I think he's redirecting https to a http connection- re-watching the video, at about 10 minutes, he's using the wpad proxy script to ensure that all connections to his proxy server are on port 80 / unencrypted connection
+1. I wanted to know this too. At first I figured it's set at the OS level, maybe in some proxy discover daemon as part of the networking daemon ...but the more I think about it the more I reckon it's at the application-level. It must be the browser runtime reaches out, or the antivirus reaches out, or the Steam client itself reaches out, etc (he does mention to set a rule in /etc/hosts to resolve it locally 127.0.0.1). I wonder if my machine does it too? I'm going to setup a rule in my /etc/hosts then setup an nginx server to capture any requests. I'm on Ubuntu. (This is really blowing my mind. Best talk so far imo)
@@Sonyboj Not every pc, but many. You have to have automatic proxy discovery enabled, you can't have a DHCP server that sets a custom WPAD address, your FQDN has to be under a top level domain where he controls the wpad domain, and there can't be any higher level wpad domain existing.
@@_mr_andersson They also need the implementation to be wrong; I believe he mentioned the spec said to recursively fetch, but not all the way to the top level domain. (perhaps I am misremembering as I saw this video a week ago)
Sadly audio is provided by the venue. Or so I've heard. And the venue audio is usually the worst and the most rundown thing you can have. I'm a bit surprised defcon doesn't just run their own audio at the venue... could be achieved by using digital runs and one flight case worth of stuff nowadays.
@@Algoinde that makes a lot of sense, if they streamed the event the issues would probably solve themselves with the stream implementation and would actually be worthwhile to do.
Unfortunately, A/V nerds are security nerds are rarely the same. What makes it more painful for the someone like myself who is into both is that fact that most of the A/V problems they have could be solved by the audio equivalent of a couple of Raspberry Pis and a bit of creative thinking for almost nothing in either monetary or time investment. (I speak as someone who has decades of experience with the cheapest of clients - charities and churches.)
Most danish presenter ever, no context, no intro, just right into the presentation. Fun talk!
His ancestors were also pretty straighforward too am sure 😂😂 (think longboats....). Great talk!!
and spelling "w" as "v" :D
And I still have no idea what the presentation was about 😅
@@fullfungo he was pretending that his entire career (which seemingly consists of understanding 15 nginx config properties) is harder than mopping a floor.
The web is a nightmare of 40 years of band-aids holding together spaghetti. My god, this is bleak.
It's a miracle that it works at all :)
So that's why it's called TCP.
40 years ago it was band-aids holding together spaghetti from 40+ years before *then*.... that's all it's ever been, or will be, and yet we still manage to do amazing things.
This is absolutely mind blowing. And the presentation was top notch. He totally foreplayed us all and when he bought the domain I knew it was gonna be a total show. Just. Amazing.
His error message should have included "if the problem persists, please contact your network administrator or upgrade to a current operating system".
This is pretty funny, great work! It's wild this still works
Buddy, I cackled out loud about the crowd strike thing. A true hero!
He got me a few good times
Great talk. I was in too much of a good mood with my weekend starting. Fixed.
*opens pi-hole*
adds wpad to the block list
o.o
As a Dane it's hilarious how many times he uses "eller" instead of "or". Cute.
13:32 "Eller hvad hedder det.." 😅
So man foreigns.
Completely unrelated, but I was watching this with my SO beside me, and then they went "He sounds danish", then four more seconds pass and there's a domain ending in ".dk". It's funny how you can just hear these things! :)
To be fair, he has a quite thick accent and also uses "eller" several times. And the way he pronounces "data" is exactly like Danes do.
@@RedSntDK The same with Java. In danish the J is more soft, and will sound like the english "yah" or "yea". So it would be kinda like "Yava".
Great talk!
The ad-proxy thing could be that some ISPs are trying to inject their own ads into the web page.
Definitely!
or just block all ads. thats how I do it. I hate ads.
If you are using the VeinMaster Iot 5ghz wifi butt plug, you have to twist the sac counter clockwise to access the proxy settings. Your welcome.
I tried this but it just buzzes "404 not found" in morse code. Is there a root shell? Because there's always a root shell...
I gotta get me some of that Yavascript for my Veepad :)
The guy who only proxies ads is probably blocking ads.
and then ddossing whoevers IP he puts there? cool botnet idea
He implies in a few places that his proxy can intercept HTTPS traffic, which is not the case. There's a lot of useful data in the plaintext though.
Anyone can intercept HTTPS traffic. Whether or not they can decrypt it is another question
It could be done if someone has access to certain TLS’s private pki information. Then there’s nothing stopping someone.
I'm guessing he's just used to saying Https instead of http.. just a little brain blip
-I think he's redirecting https to a http connection- re-watching the video, at about 10 minutes, he's using the wpad proxy script to ensure that all connections to his proxy server are on port 80 / unencrypted connection
@@cmusgrave only works if he can offer a trusted cert matching the request URL (in which case bigger things are broken)
Very academic this approach! When will we see Hacking as a dedicated acedemic field?
It is my friend, it is...
It already is? There are dedicated conferences and journals focused on cyber security..
@@MrMatthijsr cool! I probably had a very specific idea in my head ;)
You mean computer science ? To hack something you must understand it.
How are they getting a wpad proxy on their machines in the first place? Just using the browser or they set it in settings?
+1. I wanted to know this too. At first I figured it's set at the OS level, maybe in some proxy discover daemon as part of the networking daemon ...but the more I think about it the more I reckon it's at the application-level. It must be the browser runtime reaches out, or the antivirus reaches out, or the Steam client itself reaches out, etc (he does mention to set a rule in /etc/hosts to resolve it locally 127.0.0.1).
I wonder if my machine does it too? I'm going to setup a rule in my /etc/hosts then setup an nginx server to capture any requests. I'm on Ubuntu.
(This is really blowing my mind. Best talk so far imo)
All Microsoft software, and many third party applications, use the IE/Edge proxy settings and they have WPAD enabled by default.
@@_mr_andersson But then EVERY PC would be connected to this?
@@Sonyboj Not every pc, but many. You have to have automatic proxy discovery enabled, you can't have a DHCP server that sets a custom WPAD address, your FQDN has to be under a top level domain where he controls the wpad domain, and there can't be any higher level wpad domain existing.
@@_mr_andersson They also need the implementation to be wrong; I believe he mentioned the spec said to recursively fetch, but not all the way to the top level domain. (perhaps I am misremembering as I saw this video a week ago)
He speaks out of one side of his mouth. That's red team activity through and through.
I was having a smaller Yaver script but the technical behind it was very technique.
GET THIS ERROR MESSAGE WHEN TRYING TO USE NETBANK
Dude really? 😂🤯 Adjust your hosts file my friend. And if it's not a personal machine then 1000% tell your IT / networking people.
@@trudyandgeorge he is quoting the presentation... also yeah just tell grandma to adjust her host file... This needs to be fixed on an OS level.
lmao! this presentation is sooo funny~🤣🤣🤣 Also, he is a Master Troll! *bows*
Haha this guy. Great and sad at the same time.
38:45
what a fuckin waste of time. feel bad if there was anyone in the audience lol
besically it should be criminal to inform you close a bug and its still there.
The definition of "bug" is very loose.
@@rwz@rwz Once you talk about closing it you do have opportunity to explain what are you closing and how.
So, so soooo funny
I thought the audio would be better at a computer nerd convention
Sadly audio is provided by the venue. Or so I've heard. And the venue audio is usually the worst and the most rundown thing you can have. I'm a bit surprised defcon doesn't just run their own audio at the venue... could be achieved by using digital runs and one flight case worth of stuff nowadays.
Nerds type, radio dj's talk. ;)
@@zwapz this is a talk 👀
@@Algoinde that makes a lot of sense, if they streamed the event the issues would probably solve themselves with the stream implementation and would actually be worthwhile to do.
Unfortunately, A/V nerds are security nerds are rarely the same. What makes it more painful for the someone like myself who is into both is that fact that most of the A/V problems they have could be solved by the audio equivalent of a couple of Raspberry Pis and a bit of creative thinking for almost nothing in either monetary or time investment. (I speak as someone who has decades of experience with the cheapest of clients - charities and churches.)
>Using AI for the presentation
MINIX.
.local and .ad... yesssss