Joshua Rogers' Scribbles

2025

• Dec 22 My 2025 Bug Bounty Stories
• Dec 21 A helicopter story
• Dec 05 Another AI slop story: ChatGPT vs. Human
• Nov 18 AI slop security engineering: Okta's nextjs-auth0 troubles
• Nov 10 GixyNG: an overview of a Gixy fork with updated, improved, and new checks
• Oct 19 Retrospective: AI-powered security engineers and source code scanners
• Oct 04 One-Way Sandboxed Iframes: Creating a Read-Only Iframe Sandbox That Can't Read Back
• Oct 03 CCBot: Chrome Checker Bot for Chrome Security Releases
• Oct 03 body: A bash script to get the middle of a file, instead of head | tail
• Oct 03 Network Security: Absurdity of Shared NICs with BMCs and Management Networks
• Oct 02 Securely Validating Domain Names with Regular Expressions
• Oct 02 Breaking decompilers with single-function, and no-main() C codebases
• Oct 02 Flattening Arrays, Tail Call Recursion, and Stack Overflows in JavaScript
• Oct 02 ipgrep: grepping for ip addresses
• Sep 24 Swapping/Remapping the silcrow (§) key for a tilde on international Macbooks
• Sep 22 Bypassing Zscaler, Kandji MDM, and Apple Business Manager for Fun and Lulz
• Sep 19 NXDOMAIN'd: Catching unregistered domains for fun and profit
• Sep 18 Hacking with AI SASTs: An overview of 'AI Security Engineers' / 'LLM Security Scanners' for Penetration Testers and Security Teams
• Jul 19 A Comparison of Tools to Detect ReDoS-vulnerable Expressions
• Jul 05 Proxy Services, Hijacked Companies, and the Rabbit-Hole of Fake Hosting Companies and Big Sky Services
• Jun 27 nginx 'allow' and 'deny' directives with 'return'
• Jun 26 nginx's proxy_pass DNS caching problem
• Jun 18 On Iranian Censorship, Bypasses, Browser Extensions, and Proxies
• Apr 12 A small solution to DNS rebinding in Python
• Apr 04 Losing Sight and Vision of Your Mission and Culture: Part 3.5
• Apr 04 Hello, Kafka Support Here, How Can I Help You? GitHub Edition
• Mar 22 POV: You land at Melbourne Airport
• Mar 21 wtf Google: cacheable rss feeds are dead, and Atom feeds are delayed
• Mar 16 Identifying ReDoS Vulnerabilities in Nginx Configurations Using gixy-ng
• Mar 16 Losing Sight and Vision of Your Mission and Culture: Part 3
• Mar 16 On being an illegal immigrant, hacking an unlimited Schengen visa, and becoming Polish
• Feb 18 Can Nginx Configurations Be Vulnerable to ReDoS Expressions?
• Feb 15 proxy_pass: nginx's Dangerous URL Normalization of Paths
• Feb 15 Extracting TLS Session Keys in Burp Proxy à la SSLKEYLOGFILE
• Feb 14 Debugging failures of HTTP/2 in Burp, mitmproxy, and browsers
• Feb 13 NodeJS, nvm, yarn, and npm on MacOS in 2025
• Feb 13 CodeQL on MacOS
• Feb 02 Updating FreeBSD's datetime without DNS
• Feb 01 Feedburner's Caching Problem

2024

• Nov 08 Some Thoughts on "Fixing Security Issues"
• Oct 07 Webcam support on a Macbook running FreeBSD using PCI passthrough
• Sep 29 Losing Sight and Vision of Your Mission and Culture: Part 2
• Sep 26 Crawling every Debian .deb package in history from snapshot.debian.org, learning the .deb format, and finding rate-limiting bypasses
• Sep 23 A Full Guide: FreeBSD 13.3 on a MacBook Pro 11.4 (Mid 2015) (A1398)
• Aug 29 Comparing different versions of AWK with WebAssembly
• Aug 25 An automatic captive-portal resolver and DNS white-lister for DNS over TLS with Unbound
• Aug 21 BCM43602: Debugging a Wifi chipset causing a whole-system hang with FreeBSD's bhyve VM
• Jul 24 Exclusive i3 keysyms for specific programs. or: Binding Escape on imagemagick's import
• Jul 07 Encrypted NTP using NTS and chrony on FreeBSD
• Jul 06 Encrypted DNS over TLS on FreeBSD with Unbound, and Blocking Unencrypted DNS Traffic
• Jul 01 Cute color progression for my battery status indicator
• Jun 27 Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more
• Jun 18 On using private browsing mode for half a year
• May 02 Supply chain attacks and the many (other) different ways I've backdoored your dependencies
• Apr 01 A DoS Attack in RuneScape: In 3-Dimensions!
• Feb 02 The End of Yubikeys as 2-Factor-Authentication? Google Breaks 2FA with Yubikeys in Favor of Passkeys
• Jan 24 Mounting and reading an ext4 drive on MacOS
• Jan 16 A RuneScape Hacker's Dream: An Authenticator and PIN Bypass
• Jan 15 Credential Stuffing Done Right: Some Tips
• Jan 12 Automatically Generating a Well-Tuned Fuzzing Campaign With AFL++
• Jan 11 SSH-Snake Update: Multi-IP Domain Resolution
• Jan 09 On the Google Account Persistence Exploit
• Jan 09 Firefox now automatically trusting the operating system's root store for TLS certificates - update: it does so only for user-added ones
• Jan 06 LDAP Watchdog: Real-time LDAP Monitoring for Linux and OpenLDAP
• Jan 04 SSH-Snake: Automatic traversal of networks using SSH private keys
• Jan 02 Fuzzing with memfd_create(2) and fmemopen(3)

2023

• Dec 19 Bash and SSH fun: SSH is eating my stdin! Or: why does my Bash script not continue after returning from a function?
• Dec 16 No new iPhone? No secure iOS: Looking at an unfixed iOS vulnerability
• Dec 09 SSH Adventures Continued: Invalid CVE-2018-15473 Patches
• Dec 07 Losing Sight and Vision of Your Mission and Culture
• Nov 15 More fun with bash: bash, ssh, and ssh-keygen version quirks
• Nov 12 Dumping bash variable values from memory using gdb
• Nov 10 Playing with SSH: carriage returns on stderr output
• Nov 07 Fuzzing glibc's libresolv's res_init()
• Nov 05 Revisiting My Old Blog
• Nov 04 Revisiting the past: Security recommendations of a 17-year-old Joshua
• Oct 17 How to DoS MySQL/MariaDB and PostgresSQL Servers With Fewer Than 55kb of Data
• Oct 11 55 Vulnerabilities in Squid Caching Proxy and 35 0days
• Oct 01 root with a single command: sudo logrotate
• Sep 17 Fuzzing with multiple servers in parallel: AFL++ with Network File Systems
• Sep 13 CVE-2023-4863: Fallout hits Facebook; probably much much more
• Sep 05 Nagios Plugins: Hacking Monitored Servers with check_by_ssh and Argument Injection: CVE-2023-37154
• Aug 22 Tracking a secret LoginTime LDAP attribute with Operational Attributes
• Aug 20 My Wrocław tourism tips and recommendations
• Aug 20 Slack login is broken with noscript
• Aug 18 Improve nmap's service scanning with this 1 weird trick!
• Aug 13 Speeding up nmap service scanning 16x
• Jul 30 5 Tips For Port Service Scanning 16x Faster: Part 1
• Jul 12 Describing All Kubernetes Pods of All Namespaces for Fun and Profit
• Jul 10 Stealing All of Hashicorp Vault's Secrets Using Login Enumeration
• Jun 26 Achieving persistence with a hidden SSH backdoor
• Feb 21 Attacking a temperamental ten-year-old Jenkins server

2022

• Jun 05 Attacking a scripting language's cryptographic functions with Wycheproof
• Apr 18 Creating an eBay crawler for fun and profit
• Apr 14 How I got into the security industry