Weaponizing Plain Text - ANSI Escape Sequences as a Forensic Nightmare
Ekoparty Security Conference via YouTube
The Most Addictive Python and SQL Courses
Learn EDR Internals: Research & Development From The Masters
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore the dark side of log manipulation in this 49-minute conference talk from Ekoparty 2023. Dive into the world of ANSI escape sequences and their potential for injecting, vandalizing, and weaponizing plaintext logfiles in modern applications. Revisit a dormant vulnerability class, examining old terminal injection research and log tampering techniques from the 80s and 90s, while combining them with new features to create chaos in cloud CLIs, mobile devices, and DevOps terminal emulators. Learn about the consequences of malicious escape sequences in logfiles and discover preventive measures to ensure log data integrity. Join hacker and creative STÖK on this colorful ANSI adventure to understand the importance of trustworthy log data and how to avoid a potential forensic nightmare in application security.
Syllabus
Weaponizing Plain Text: ANSI Escape Sequences as a Forensic Nightmare -STOK - Ekoparty 2023
Taught by
Ekoparty Security Conference