Joshua.Hu | Joshua Rogers' Scribbles

Ideas

  • A service which stores credentials for websites that a team/company has a single login for, and allows team members to use the service without knowing the password (like a proxy with persistent cookies for login). This may include “modules” for certain websites that handle login on the website automatically.

  • Fuzz scripting languages’ scripts using AFL++ to instrument actual in-script functions.

  • Some type of “fake symbol insertion” into binary files so when they’re debugged, incorrect code is shown.

  • Talk about how multibillion dollar companies are being taken over by children

  • Discuss the history of movie posters

  • Invent an IPv6 blocklist algorithm that works for hosting and residential

  • On being """arrested""" in 2013, 2014, 2024, and thoughts on police priorities and goals

  • Create a page that tracks BA members now/then.

  • CSPT CSP spec

  • Slack watcher, similar to LDAP

  • JavaScript security

  • Okta phishing (disabling FastPass script check)

  • Helicopter story.

  • Gixy-ng blog

  • Bug Bounty Post

  • GitHub bug ($500 bounty wtf)

  • LDAP Fuzzing

  • gaas and recheck-http-api

  • ReDoS linter

  • About the fake security research at DEFCON, and how it should be celebrated.