# LLM Feed for Hacker Joshua Rogers' blog, https://joshua.hu/ _Generated: Sun, 08 Mar 2026 09:41:50 +0000_ ## All Posts =============================================================================== POSTS =============================================================================== The links below take you to the raw Markdown content, and the blog posts themselves. - [Making Firefox's right-click not suck, even more, with userChrome.css](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2026-03-07-firefox-making-right-click-not-suck-even-more-with-userchrome.md): [A practical userChrome.css guide for decluttering Firefox right-click menus on macOS, hiding AI/chatbot prompts, link previews, OCR, visual search, and other low-value context menu items.](https://joshua.hu/firefox-making-right-click-not-suck-even-more-with-userchrome) - [Making Firefox's right-click not suck with about:config](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2026-03-04-firefox-making-right-click-not-suck.md): [A practical about:config checklist to declutter Firefox right-click menus on macOS, disabling AI/chatbot prompts, link previews, OCR, visual search, and other low-value context menu items.](https://joshua.hu/firefox-making-right-click-not-suck) - [wtf is NS_ERROR_INVALID_CONTENT_ENCODING? investigating shared dictionaries and ChatGPT breakage in Firefox](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2026-01-16-chatgpt-fail-loading-firefox.md): [Investigating and diagnosing ChatGPT's outage for Firefox users, resulting in endless loading and inoperable buttons.](https://joshua.hu/chatgpt-fail-loading-firefox) - [From gixy-ng to Gixy-Next: rescuing the nginx security scanner, Gixy, from AI slop](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2026-01-10-gixy-ng-ai-slop-gixy-next-maintained.md): [Introducing Gixy-Next, a maintained fork of Gixy for modern Python: improved nginx config parsing, new plugins, normalized output, and a local in-browser scanner.](https://joshua.hu/gixy-ng-ai-slop-gixy-next-maintained) - [My 2025 Bug Bounty Stories](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-12-22-2025-bug-bounty-stories-fail.md): [A recap of my 2025 bug bounty experiences, featuring failures and stories from Google Cloud, GitHub, Vercel, Opera, and others.](https://joshua.hu/2025-bug-bounty-stories-fail) - [A helicopter story](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-12-21-helicopter-story.md): [A personal story about how a friend and I organized a helicopter ride from Austria to Poland, where everything that could go wrong, did.](https://joshua.hu/helicopter-story) - [Another AI slop story: ChatGPT vs. Human](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-12-05-ai-slop-story-nginx-leaking-dns-chatgpt.md): [Incident response failure: How engineers trusted ChatGPT over technical evidence regarding a critical Nginx DNS data leak.](https://joshua.hu/ai-slop-story-nginx-leaking-dns-chatgpt) - [AI slop security engineering: Okta's nextjs-auth0 troubles](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-11-18-ai-slop-okta-nextjs-0auth-security-vulnerability.md): [When AI engineering fails: Dealing with hallucinations, misattribution, and broken code in an Okta/Auth0 pull request maintained by AI.](https://joshua.hu/ai-slop-okta-nextjs-0auth-security-vulnerability) - [Gixy-Next: an overview of a Gixy fork with updated, improved, and new checks](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-11-10-gixy-ng-new-version-gixy-updated-checks.md): [Overview of Gixy-Next: New Nginx security checks I added, and the quality degradation caused by low-quality AI-generated contributions.](https://joshua.hu/gixy-ng-new-version-gixy-updated-checks) - [Retrospective: AI-powered security engineers and source code scanners](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-10-19-retrospective-zeropath-ai-sast-source-code-security-scanners-vulnerability.md): [Retrospective: ZeroPath found 98% of bugs in curl. Analyzing the impact of AI-powered SASTs on open source security and bug bounties.](https://joshua.hu/retrospective-zeropath-ai-sast-source-code-security-scanners-vulnerability) - [One-Way Sandboxed Iframes: Creating a Read-Only Iframe Sandbox That Can't Read Back](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-10-04-rendering-sandboxing-arbitrary-html-content-iframe-interacting.md): [Creating a secure, one-way sandboxed iframe. How to render untrusted HTML and execute commands safely via postMessage without risking the parent.](https://joshua.hu/rendering-sandboxing-arbitrary-html-content-iframe-interacting) - [CCBot: Chrome Checker Bot for Chrome Security Releases](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-10-03-ccbot-chrome-checker-bot-googlechromereleases-chromium-updates.md): [Automating chrome security tracking. CCBot is a Python tool that parses the chaotic Google Chrome Releases blog to alert on critical updates.](https://joshua.hu/ccbot-chrome-checker-bot-googlechromereleases-chromium-updates) - [body: A bash script to get the middle of a file, instead of head | tail](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-10-03-body-head-tail-bash-script-middle-of-file.md): [Meet 'body': A faster, smarter alternative to 'head | tail' for extracting and printing the middle lines of a large file in Bash.](https://joshua.hu/body-head-tail-bash-script-middle-of-file) - [Network Security: Absurdity of Shared NICs with BMCs and Management Networks](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-10-03-bmc-ipmi-idrac-backdoors-servers-shared-nic-management-network-takeover.md): [The security risks of shared NICs on servers. How to hijack the management network (IPMI/BMC) directly from the host OS via VLAN tagging.](https://joshua.hu/bmc-ipmi-idrac-backdoors-servers-shared-nic-management-network-takeover) - [Securely Validating Domain Names with Regular Expressions](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-10-02-validating-domain-names-with-regex.md): [Validating domain names securely. A ReDoS-safe regular expression pattern for verifying hostnames and handling Punycode domains.](https://joshua.hu/validating-domain-names-with-regex) - [Breaking decompilers with single-function, and no-main() C codebases](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-10-02-packing-codebase-into-single-function-disrupt-reverse-engineering.md): [Breaking reverse engineering tools by packing an entire C codebase into a single 'main' function or removing main entirely to confuse decompilers.](https://joshua.hu/packing-codebase-into-single-function-disrupt-reverse-engineering) - [Flattening Arrays, Tail Call Recursion, and Stack Overflows in JavaScript](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-10-02-javascript-infinite-tail-call-recursion-stack-overflow.md): [Fixing 'Maximum call stack size exceeded' in JavaScript. How to replace recursion with iteration and local stacks when flattening arrays.](https://joshua.hu/javascript-infinite-tail-call-recursion-stack-overflow) - [ipgrep: grepping for ip addresses](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-10-02-ipgrep-grep-for-ip-address-bash-freebsd-macos-linux.md): [ipgrep: A simple, powerful Bash alias using Extended Regular Expressions to quickly and accurately grep IPv4 addresses from text or logs.](https://joshua.hu/ipgrep-grep-for-ip-address-bash-freebsd-macos-linux) - [Swapping/Remapping the silcrow (§) key for a tilde on international Macbooks](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-09-24-remapping-keys-macbook-incorrect-tilde-section-double-s-silcrow-characters-keyboard.md): [Fix the misplaced tilde and silcrow (§) keys on international MacBooks. A guide to remapping keys using hidutil and LaunchAgents.](https://joshua.hu/remapping-keys-macbook-incorrect-tilde-section-double-s-silcrow-characters-keyboard) - [Bypassing Zscaler, Kandji MDM, and Apple Business Manager for Fun and Lulz](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-09-22-bypassing-kandji-mdm-apple-business-abmmacos-2025.md): [How to bypass Apple Business Manager and remove Kandji/Zscaler MDM from macOS using recovery mode, file system modification, and DNS blocking.](https://joshua.hu/bypassing-kandji-mdm-apple-business-abmmacos-2025) - [NXDOMAIN'd: Catching unregistered domains for fun and profit](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-09-19-nxdomaind-catch-unregistered-expired-domains-browser-supply-chain-attacks.md): [NXDOMAIN'd: A browser extension to detect unregistered domains in your supply chain for potential takeover and security research.](https://joshua.hu/nxdomaind-catch-unregistered-expired-domains-browser-supply-chain-attacks) - [Hacking with AI SASTs: An overview of 'AI Security Engineers' / 'LLM Security Scanners' for Penetration Testers and Security Teams](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-09-18-llm-engineer-review-sast-security-ai-tools-pentesters.md): [Reviewing AI Security Engineers: How ZeroPath found 200+ bugs in curl and why AI SASTs are becoming a viable replacement for traditional tools.](https://joshua.hu/llm-engineer-review-sast-security-ai-tools-pentesters) - [A Comparison of Tools to Detect ReDoS-vulnerable Expressions](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-07-19-comparing-redos-detection-tools.md): [Benchmarking ReDoS detection tools. I compared Semgrep, CodeQL, regexploit, and others against a corpus of vulnerable regexes.](https://joshua.hu/comparing-redos-detection-tools) - [Proxy Services, Hijacked Companies, and the Rabbit-Hole of Fake Hosting Companies and Big Sky Services](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-07-05-rokso-proxy-service-hijacked-shell-companies-spam-big-sky-services.md): [Investigating 'Big Sky Services': How hijacked shell companies and a massive proxy network flooded an Opera legacy endpoint with traffic.](https://joshua.hu/rokso-proxy-service-hijacked-shell-companies-spam-big-sky-services) - [nginx 'allow' and 'deny' directives with 'return'](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-06-27-nginx-return-allow-deny.md): [The 'return' directive in Nginx bypasses 'allow' and 'deny' rules due to rewrite phases. Learn why this happens and how to fix it with try_files.](https://joshua.hu/nginx-return-allow-deny) - [nginx's proxy_pass DNS caching problem](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-06-26-nginx-dns-caching.md): [Nginx proxy_pass doesn't respect TTLs by default. Learn the security risks of stale DNS records and how to force re-resolution in your config.](https://joshua.hu/nginx-dns-caching) - [On Iranian Censorship, Bypasses, Browser Extensions, and Proxies](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-06-18-iranian-browser-extension-addon-censorship-bypasses.md): [Investigating a fake Opera Addon store used to bypass Iranian censorship, and the role of 'Reality' proxies and Sandvine in internet restrictions.](https://joshua.hu/iranian-browser-extension-addon-censorship-bypasses) - [A small solution to DNS rebinding in Python](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-04-12-solving-fixing-interesting-problems-python-dns-rebindind-requests.md): [Prevent DNS rebinding attacks in Python. A secure implementation of a HostHeaderSSLAdapter to validate resolved IP addresses in Requests.](https://joshua.hu/solving-fixing-interesting-problems-python-dns-rebindind-requests) - [Losing Sight and Vision of Your Mission and Culture: Part 3.5](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-04-04-losing-sight-vision-mission-of-your-role-part-3-5.md): [How report-uri.com uses Cloudflare Turnstile to ironically block the very CSP violation reports it is designed to collect from browsers.](https://joshua.hu/losing-sight-vision-mission-of-your-role-part-3-5) - [Hello, Kafka Support Here, How Can I Help You? GitHub Edition](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-04-04-death-of-a-tech-support-github-edition.md): [A Kafkaesque experience with GitHub support regarding case-sensitivity bugs in commit emails, and dealing with unhelpful 'AI' style responses.](https://joshua.hu/death-of-a-tech-support-github-edition) - [POV: You land at Melbourne Airport](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-03-22-pov-entering-melbourne-airport-total-failure-society.md): [A satirical POV on the frustration of entering Melbourne Airport: paper forms, broken WiFi, and a confusing public transport experience.](https://joshua.hu/pov-entering-melbourne-airport-total-failure-society) - [wtf Google: cacheable rss feeds are dead, and Atom feeds are delayed](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-03-21-wtf-google-feedburner-cache-problem-atom-rss.md): [Update: Google kills RSS support and breaks Atom feeds. How Feedburner's continued caching failures and stale data affect aggregators.](https://joshua.hu/wtf-google-feedburner-cache-problem-atom-rss) - [Identifying ReDoS Vulnerabilities in Nginx Configurations Using Gixy-Next](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-03-16-regex-redos-recheck-nginx-gixy.md): [Automating ReDoS detection in Nginx. How I integrated 'recheck' into 'Gixy-Next' to identify vulnerable regex configurations via a custom plugin.](https://joshua.hu/regex-redos-recheck-nginx-gixy) - [Losing Sight and Vision of Your Mission and Culture: Part 3](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-03-16-losing-sight-vision-mission-of-your-role-part-3.md): [When security tools break usability: A look at how Cloudflare Turnstile blocks legitimate API requests and frustrates paid users.](https://joshua.hu/losing-sight-vision-mission-of-your-role-part-3) - [On being an illegal immigrant, hacking an unlimited Schengen visa, and becoming Polish](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-03-16-i-was-an-illegal-immigrant-schengen-visa-overstay-poland.md): [My story of staying in Europe by legally exploiting bilateral visa agreements, avoiding Schengen limits, and eventually obtaining citizenship.](https://joshua.hu/i-was-an-illegal-immigrant-schengen-visa-overstay-poland) - [LLMs are destroying art: the art of code, literature, and culture.](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-03-01-code-is-art-llm-people-losers.md): [My views on how LLMs have made me stop caring about code as an artform, articles generated with LLMs, and culture copied from an RNG](https://joshua.hu/code-is-art-llm-people-losers) - [Can Nginx Configurations Be Vulnerable to ReDoS Expressions?](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-02-18-nginx-directives-regex-redos-denial-of-service-vulnerable.md): [Can Nginx configurations be DDoSed? Exploring ReDoS vulnerabilities in regex directives and how to crash a server with simple request strings.](https://joshua.hu/nginx-directives-regex-redos-denial-of-service-vulnerable) - [proxy_pass: nginx's Dangerous URL Normalization of Paths](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-02-15-proxy-pass-nginx-decoding-normalizing-url-path-dangerous.md): [Is your Nginx configuration vulnerable? A deep dive into dangerous URL normalization in proxy_pass, path traversal risks, and how to secure it.](https://joshua.hu/proxy-pass-nginx-decoding-normalizing-url-path-dangerous) - [Extracting TLS Session Keys in Burp Proxy à la SSLKEYLOGFILE](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-02-15-extracting-tls-session-keys-burp-proxy-debugging.md): [How to extract TLS session keys from Burp Suite to decrypt HTTP/2 traffic in Wireshark for better debugging and network analysis.](https://joshua.hu/extracting-tls-session-keys-burp-proxy-debugging) - [Debugging failures of HTTP/2 in Burp, mitmproxy, and browsers](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-02-14-http2-burp-proxy-mitmproxy-nginx-failing-load-resources-chromium.md): [Debugging Nginx and Burp Suite HTTP/2 failures. How 'keepalive_requests' exhaustion causes GOAWAY frames and broken resource loading.](https://joshua.hu/http2-burp-proxy-mitmproxy-nginx-failing-load-resources-chromium) - [NodeJS, nvm, yarn, and npm on MacOS in 2025](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-02-13-nvm-yarn-npm-node-setup-macos-2025.md): [Setting up a JavaScript dev environment on MacOS in 2025? Here is a simple guide for installing Node.js, nvm, npm, and yarn without the bloat.](https://joshua.hu/nvm-yarn-npm-node-setup-macos-2025) - [CodeQL on MacOS](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-02-13-codeql-on-macos.md): [A step-by-step guide to setting up CodeQL on MacOS. Learn to install, create databases, and run standard or custom security queries on your code.](https://joshua.hu/codeql-on-macos) - [Updating FreeBSD's datetime without DNS](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-02-02-updating-freebsd-time-with-no-dns.md): [Fixing SSL handshake errors on FreeBSD caused by system clock resets. A quick guide to manually updating system time without DNS access.](https://joshua.hu/updating-freebsd-time-with-no-dns) - [Feedburner's Caching Problem](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2025-02-01-google-feedburner-broken-caching-if-modified-since.md): [Google Feedburner's lack of caching support wastes bandwidth. A look at how broken ETag/If-Modified-Since handling affects bots and RSS feeds.](https://joshua.hu/google-feedburner-broken-caching-if-modified-since) - [Some Thoughts on "Fixing Security Issues"](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-11-08-Thoughts-on-Fixing-security-issues.md): [Thoughts on fixing bugs versus fixing security issues. Why developers should focus on mitigating exploitation classes rather than just patching individual bugs.](https://joshua.hu/Thoughts-on-Fixing-security-issues) - [Webcam support on a Macbook running FreeBSD using PCI passthrough](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-10-07-facetimehd-webcam-linux-vm-macbook-freebsd-broadcom-1570.md): [Enable the FacetimeHD webcam on a MacBook running FreeBSD. A guide to using a tiny Alpine Linux VM with PCI passthrough to stream video back to the host.](https://joshua.hu/facetimehd-webcam-linux-vm-macbook-freebsd-broadcom-1570) - [Losing Sight and Vision of Your Mission and Culture: Part 2](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-09-29-losing-sight-vision-mission-of-your-role-part-2.md): [Part 2 of 'Losing Sight of Your Mission.' A satirical look at modern app development priorities, illustrated by a frustrating user experience in an airport.](https://joshua.hu/losing-sight-vision-mission-of-your-role-part-2) - [Crawling every Debian .deb package in history from snapshot.debian.org, learning the .deb format, and finding rate-limiting bypasses](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-09-26-crawling-snapshot-debian-org-every-debian-package-rate-limit-bypass.md): [A deep dive into crawling snapshot.debian.org for historical .deb packages. Learn about the .deb format and techniques to bypass rate limits using IPv6.](https://joshua.hu/crawling-snapshot-debian-org-every-debian-package-rate-limit-bypass) - [A Full Guide: FreeBSD 13.3 on a MacBook Pro 11.4 (Mid 2015) (A1398)](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-09-23-FreeBSD-on-MacbookPro-114-A1398.md): [A complete guide to installing FreeBSD 13.3 on a MacBook Pro 11,4. Covers Wi-Fi via wifibox, graphics, sound, keyboard backlights, and power saving config.](https://joshua.hu/FreeBSD-on-MacbookPro-114-A1398) - [Comparing different versions of AWK with WebAssembly](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-08-29-compare-different-versions-of-awk-online-with-webassembly.md): [Compare different versions of AWK directly in your browser. Read about building 'awk-compare' using WebAssembly and Emscripten to test script compatibility.](https://joshua.hu/compare-different-versions-of-awk-online-with-webassembly) - [An automatic captive-portal resolver and DNS white-lister for DNS over TLS with Unbound](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-08-25-captive-portal-automatic-unbound-resolve-forward-zone-blocked-dns-traffic.md): [Automate captive portal logins while using DNS-over-TLS. This script detects portal DNS servers and dynamically configures Unbound to allow necessary traffic.](https://joshua.hu/captive-portal-automatic-unbound-resolve-forward-zone-blocked-dns-traffic) - [BCM43602: Debugging a Wifi chipset causing a whole-system hang with FreeBSD's bhyve VM](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-08-21-brcmfmac-bcm43602-suspension-shutdown-hanging-freeze-linux-freebsd-wifi-bug-pci-passthru.md): [Debugging a system freeze on FreeBSD using wifibox and BCM43602. Discover the root cause involving PCI passthrough and the Linux kernel patch that fixes it.](https://joshua.hu/brcmfmac-bcm43602-suspension-shutdown-hanging-freeze-linux-freebsd-wifi-bug-pci-passthru) - [Exclusive i3 keysyms for specific programs. or: Binding Escape on imagemagick's import](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-07-24-program-specific-i3-keysym-keybinds-screenshot-imagemagick-import-escape.md): [Master i3wm binding modes for program-specific shortcuts. Learn how to bind Escape to cancel screenshots without conflicting with global keybindings.](https://joshua.hu/program-specific-i3-keysym-keybinds-screenshot-imagemagick-import-escape) - [Encrypted NTP using NTS and chrony on FreeBSD](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-07-07-encrypted-ntp-nts-chronyd-freebsd.md): [Secure your system time on FreeBSD using Network Time Security (NTS). A step-by-step guide to replacing ntpd with Chrony for authenticated, encrypted NTP.](https://joshua.hu/encrypted-ntp-nts-chronyd-freebsd) - [Encrypted DNS over TLS on FreeBSD with Unbound, and Blocking Unencrypted DNS Traffic](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-07-06-encrypted-dns-over-tls-unbound-mullvad-freebsd-block-unencrypted-dns-traffic.md): [Secure your FreeBSD networking by setting up Unbound for DNS-over-TLS. This guide covers configuration, hardening, and blocking unencrypted DNS traffic.](https://joshua.hu/encrypted-dns-over-tls-unbound-mullvad-freebsd-block-unencrypted-dns-traffic) - [Cute color progression for my battery status indicator](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-07-01-progressively-change-battery-percentage-color.md): [A simple algorithm to color-code battery percentage. Learn how to calculate RGB bitshifts to create a smooth gradient from green to red for status bars.](https://joshua.hu/progressively-change-battery-percentage-color) - [Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-06-27-aflplusplus-fuzzing-scripting-languages-natively.md): [Learn to fuzz scripting languages like Pike using AFL++. Discover how to hook internal C functions via scripts to find memory corruption and interpreter bugs.](https://joshua.hu/aflplusplus-fuzzing-scripting-languages-natively) - [On using private browsing mode for half a year](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-06-18-using-private-browsing-mode-only.md): [I used only Private Browsing mode for six months. Read my experience regarding browser history, cookie consent fatigue, and the benefits of ephemeral sessions.](https://joshua.hu/using-private-browsing-mode-only) - [Supply chain attacks and the many (other) different ways I've backdoored your dependencies](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-05-02-how-I-backdoored-your-supply-chain.md): [Supply chain attacks go beyond code. Explore overlooked vectors like hosting provider social engineering, domain registrar hacks, and BGP hijacking risks.](https://joshua.hu/how-I-backdoored-your-supply-chain) - [A DoS Attack in RuneScape: In 3-Dimensions!](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-04-01-runescape-denial-of-service.md): [Explore a unique '3D Denial of Service' in RuneScape. See how players abused door mechanics in Player Owned Houses to block movement and disrupt gameplay.](https://joshua.hu/runescape-denial-of-service) - [The End of Yubikeys as 2-Factor-Authentication? Google Breaks 2FA with Yubikeys in Favor of Passkeys](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-02-02-enrolling-hardware-keys-2fa-google-workspace.md): [Google now forces Passkeys for hardware tokens. Use this workaround link to register Yubikeys and FIDO2 keys as standard 2FA devices on your Google account.](https://joshua.hu/enrolling-hardware-keys-2fa-google-workspace) - [Mounting and reading an ext4 drive on MacOS](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-01-24-mounting-ext4-on-macos.md): [A quick guide on reading ext4 drives on macOS. Learn how to install macfuse and ext4fuse, configure kernel permissions, and mount Linux partitions on your Mac.](https://joshua.hu/mounting-ext4-on-macos) - [A RuneScape Hacker's Dream: An Authenticator and PIN Bypass](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-01-16-runescape-bank-pin-exploit-bypass-username-enumeration-captchaless-login.md): [A dive into a historic RuneScape exploit via the Companion App. Discover how hackers bypassed 2FA and Bank PINs to access accounts and transfer in-game wealth.](https://joshua.hu/runescape-bank-pin-exploit-bypass-username-enumeration-captchaless-login) - [Credential Stuffing Done Right: Some Tips](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-01-15-credential-stuffing-done-right.md): [Learn the technical mechanics of credential stuffing. This post outlines systematic approaches for filtering lists, bypassing rate limits, and handling captchas.](https://joshua.hu/credential-stuffing-done-right) - [Automatically Generating a Well-Tuned Fuzzing Campaign With AFL++](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-01-12-aflplusplus-generate-fuzzing-campaign-commands-options-secondary-fuzzers.md): [Automate your AFL++ fuzzing campaigns. Use this script to generate optimized parallel commands and tune secondary fuzzer options based on your available cores.](https://joshua.hu/aflplusplus-generate-fuzzing-campaign-commands-options-secondary-fuzzers) - [SSH-Snake Update: Multi-IP Domain Resolution](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-01-11-ssh-snake-multi-ip-domain-resolution-bash-cannot-assign-list-to-array-member.md): [An update to SSH-Snake adding multi-IP domain resolution. Learn about the implementation details and solving Bash array assignment limitations in scripting.](https://joshua.hu/ssh-snake-multi-ip-domain-resolution-bash-cannot-assign-list-to-array-member) - [On the Google Account Persistence Exploit](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-01-09-on-google-account-persistence-exploit-malware-session-api-token-theft.md): [Analyze the Google account persistence exploit used by malware. Learn why session hijacking persists after password changes and how attackers maintain access.](https://joshua.hu/on-google-account-persistence-exploit-malware-session-api-token-theft) - [Firefox now automatically trusting the operating system's root store for TLS certificates - update: it does so only for user-added ones](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-01-09-mozilla-firefox-trusting-system-root-stores-qwacs-eu.md): [Firefox now defaults to trusting user-added certificates in the OS root store. Learn about this policy shift, its security implications, and how it affects you.](https://joshua.hu/mozilla-firefox-trusting-system-root-stores-qwacs-eu) - [LDAP Watchdog: Real-time LDAP Monitoring for Linux and OpenLDAP](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-01-06-ldap-watchdog-openldap-python-monitoring-tool-realtime-directory-slack-notifications.md): [Monitor your LDAP directory in real-time with LDAP Watchdog. Detect unauthorized changes, track new hires, and get instant Slack notifications for updates.](https://joshua.hu/ldap-watchdog-openldap-python-monitoring-tool-realtime-directory-slack-notifications) - [SSH-Snake: Automatic traversal of networks using SSH private keys](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-01-04-ssh-snake-ssh-network-traversal-discover-ssh-private-keys-network-graph.md): [Discover SSH-Snake, a powerful self-replicating tool for automatic network traversal using SSH private keys. Learn how it maps networks and finds credentials.](https://joshua.hu/ssh-snake-ssh-network-traversal-discover-ssh-private-keys-network-graph) - [Fuzzing with memfd_create(2) and fmemopen(3)](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2024-01-02-fuzzing-with-memfd-createfd-fmemopen-syscall-function.md): [Learn how to speed up fuzzing campaigns using memfd_create(2) and fmemopen(3). This benchmark compares execution speeds against stdin and tmpfs for faster results.](https://joshua.hu/fuzzing-with-memfd-createfd-fmemopen-syscall-function) - [Bash and SSH fun: SSH is eating my stdin! Or: why does my Bash script not continue after returning from a function?](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-12-19-bash-script-not-continuing-from-function-ssh-eating-stdin.md): [Debugging a bash script that mysteriously stops after an ssh call, and explaining how ssh consumes stdin and interacts with while read loops and process substitution.](https://joshua.hu/bash-script-not-continuing-from-function-ssh-eating-stdin) - [No new iPhone? No secure iOS: Looking at an unfixed iOS vulnerability](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-12-16-apple-ios-patched-unpatched-vulnerabilities.md): [A look at the messy reality of iOS vulnerabilities: which bugs get patched, which quietly linger, and the challenges of tracking real device risk over time.](https://joshua.hu/apple-ios-patched-unpatched-vulnerabilities) - [SSH Adventures Continued: Invalid CVE-2018-15473 Patches](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-12-09-ssh-username-enumeration-ubuntu-18.md): [Walking through how OpenSSH behaves on Ubuntu 18, and how error handling and timing can leak valid usernames for remote enumeration.](https://joshua.hu/ssh-username-enumeration-ubuntu-18) - [Losing Sight and Vision of Your Mission and Culture](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-12-07-losing-sight-vision-mission-of-your-role.md): [A more personal piece on how easy it is to drift from the original mission of my role, and some practical thoughts on recalibrating direction and priorities.](https://joshua.hu/losing-sight-vision-mission-of-your-role) - [More fun with bash: bash, ssh, and ssh-keygen version quirks](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-11-15-more-fun-with-bash-ssh-and-ssh-keygen-version-differences.md): [Exploring odd, version specific behavior between bash, ssh, and ssh-keygen, and how subtle CLI or format differences can break scripts in surprising ways.](https://joshua.hu/more-fun-with-bash-ssh-and-ssh-keygen-version-differences) - [Dumping bash variable values from memory using gdb](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-11-12-dumping-retrieving-bash-variables-in-memory-coredump.md): [Using gcore and gdb with bash's debug symbols to walk VAR_CONTEXT and hash tables to recover live shell variables from a bash process core dump.](https://joshua.hu/dumping-retrieving-bash-variables-in-memory-coredump) - [Playing with SSH: carriage returns on stderr output](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-11-10-ssh-stderr-printing-carriage-return.md): [A tiny ssh quirk: stderr lines are terminated with CRLF, where it came from, and why it matters if stderr is being parsed programmatically.](https://joshua.hu/ssh-stderr-printing-carriage-return) - [Fuzzing glibc's libresolv's res_init()](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-11-07-fuzzing-glibc-libresolv.md): [Fuzzing glibc's res_init by chrooting into tmpfs and mutating resolv.conf, resulting in an infinite loop in sortlist handling and a reachable assertion on long search lines.](https://joshua.hu/fuzzing-glibc-libresolv) - [Revisiting My Old Blog](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-11-05-revisiting-my-old-blog.md): [A tour of my 2012 to 2016 blog posts, including eBay SQLi, PayPal 2FA bypass, a dpkg bug, and more, plus some honest commentary on my younger self's work and writing.](https://joshua.hu/revisiting-my-old-blog) - [Revisiting the past: Security recommendations of a 17-year-old Joshua](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-11-04-revisiting-the-past.md): [Re-reading my 17 year old hardening advice, like running Firefox as another user, via a new oss-security thread, and reflecting on what aged well and what did not.](https://joshua.hu/revisiting-the-past) - [How to DoS MySQL/MariaDB and PostgresSQL Servers With Fewer Than 55kb of Data](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-10-17-postgresql-mysql-mariadb-denial-of-service-dos-attack.md): [Demonstrating how a few dozen kilobytes of traffic and unauthenticated connections are enough to exhaust MySQL, MariaDB, or PostgreSQL connection limits and deny service.](https://joshua.hu/postgresql-mysql-mariadb-denial-of-service-dos-attack) - [55 Vulnerabilities in Squid Caching Proxy and 35 0days](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-10-11-squid-security-audit-35-0days-45-exploits.md): [Notes from my large Squid audit: 55 vulnerabilities, many still unfixed, links to detailed writeups, and a reminder to re-evaluate Squid in sensitive environments.](https://joshua.hu/squid-security-audit-35-0days-45-exploits) - [root with a single command: sudo logrotate](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-10-01-gaining-root-with-logrotate-sudo-ubuntu.md): [Starting from the constraint that only sudo logrotate * may be run, and ending at root: abusing the log file flag to overwrite root owned scripts and ride cron to privilege escalation.](https://joshua.hu/gaining-root-with-logrotate-sudo-ubuntu) - [Fuzzing with multiple servers in parallel: AFL++ with Network File Systems](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-09-17-fuzzing-multiple-servers-parallel-aflplusplus-nfs.md): [How to wire up several servers with NFS and AFL++ so they share queues and crashes, giving distributed fuzzing with minimal coordination code.](https://joshua.hu/fuzzing-multiple-servers-parallel-aflplusplus-nfs) - [CVE-2023-4863: Fallout hits Facebook; probably much much more](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-09-13-libwebp-fallout-facebook-image-compression-proxies.md): [A quick look at CVE-2023-4863 in libwebp, Facebook's odd WebP limits, and why this bug likely touches browsers, apps, CDNs, and media pipelines everywhere.](https://joshua.hu/libwebp-fallout-facebook-image-compression-proxies) - [Nagios Plugins: Hacking Monitored Servers with check_by_ssh and Argument Injection: CVE-2023-37154](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-09-05-nagios-hacking-cve-2023-37154.md): [Turning Nagios from monitoring into a pivot: abusing check_by_ssh argument injection for RCE, bypassing SSH wrappers, and discussing CVE-2023-37154 and related pitfalls.](https://joshua.hu/nagios-hacking-cve-2023-37154) - [Tracking a secret LoginTime LDAP attribute with Operational Attributes](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-08-22-tracking-secret-ldap-login-times-with-modifytimestamp-heuristics.md): [Using LDAP operational attributes like modifyTimestamp as a side channel to infer hidden login time fields and user activity patterns.](https://joshua.hu/tracking-secret-ldap-login-times-with-modifytimestamp-heuristics) - [My Wrocław tourism tips and recommendations](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-08-20-wroclaw-tourism-tips.md): [A long, opinionated guide to Wroclaw: what to see, where to eat, drink, party, and stay, plus lots of local quirks and pragmatic tips.](https://joshua.hu/wroclaw-tourism-tips) - [Slack login is broken with noscript](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-08-20-slack-is-broken-with-noscript.md): [Breaking down Slack's noscript redirect bug, the open redirect angle, bug bounty back and forth, and the suspicion it doubled as a dark pattern.](https://joshua.hu/slack-is-broken-with-noscript) - [Improve nmap's service scanning with this 1 weird trick!](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-08-18-nmap-improving-service-scanning-results.md): [Teaching nmap about odd services by extending nmap-service-probes with custom matches, improving accuracy and cutting scan time on large fleets.](https://joshua.hu/nmap-improving-service-scanning-results) - [Speeding up nmap service scanning 16x](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-08-13-nmap-speedup-service-scanning-16x.md): [Deep dive into nmap's service detection timeouts, NSE behavior, and the tiny source changes that turned a 160 second probe into a 10 second one.](https://joshua.hu/nmap-speedup-service-scanning-16x) - [5 Tips For Port Service Scanning 16x Faster: Part 1](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-07-30-port-scanning-networks-speeding-up-nmap-for-large-scales.md): [Designing large scale port and service scanning: separating discovery from service ID, mixing masscan or zmap with nmap, and avoiding DoSing the networks being scanned.](https://joshua.hu/port-scanning-networks-speeding-up-nmap-for-large-scales) - [Describing All Kubernetes Pods of All Namespaces for Fun and Profit](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-07-12-kubernetes-describe-all-pods.md): [A simple but effective kubectl plus GNU parallel script to describe every pod in every namespace for trawling env vars for secrets.](https://joshua.hu/kubernetes-describe-all-pods) - [Stealing All of Hashicorp Vault's Secrets Using Login Enumeration](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-07-10-hashicorp-vault-secret-dumping.md): [Using stolen Vault tokens, bash, jq, and GNU parallel to recursively enumerate and dump every reachable secret from HashiCorp Vault.](https://joshua.hu/hashicorp-vault-secret-dumping) - [Achieving persistence with a hidden SSH backdoor](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-06-26-sshd-backdoor-and-configuration-parsing.md): [How to hide a persistent SSH backdoor in plain sight by abusing sshd's first-wins config parsing, systemd hooks, and sneaky authorized_keys locations.](https://joshua.hu/sshd-backdoor-and-configuration-parsing) - [Attacking a temperamental ten-year-old Jenkins server](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2023-02-21-attacking-a-ten-year-old-jenkins-server.md): [A walk-through of abusing Jenkins script console access, why Metasploit's jenkins_script_console/jenkins_gather failed on ancient hardware, and the patches I wrote to make it work.](https://joshua.hu/attacking-a-ten-year-old-jenkins-server) - [Attacking a scripting language's cryptographic functions with Wycheproof](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2022-06-05-pikeproof-wycheproof-pike-checks.md): [Using Project Wycheproof to test Pike's Nettle-based crypto APIs, I built PikeProof and uncovered multiple vulnerabilities in Pike's cryptography layer.](https://joshua.hu/pikeproof-wycheproof-pike-checks) - [Creating an eBay crawler for fun and profit](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2022-04-18-automating-ebay-browsing-for-fun-and-profit.md): [How I built a PHP/MySQL bot to crawl Australian eBay for NES listings, filter relists, track sales history and snipe rare retro games automatically.](https://joshua.hu/automating-ebay-browsing-for-fun-and-profit) - [How I got into the security industry](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/_posts/2022-04-14-how-i-got-into-the-industry.md): [How I went from RuneScape glitching and game hacking to running a 25,000 member forum and eventually working professionally in online security.](https://joshua.hu/how-i-got-into-the-industry) =============================================================================== ## All Menu Pages =============================================================================== MENU PAGES =============================================================================== The links below take you to the raw Markdown content, and the menu pages themselves. - [About Me](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/menu/about.md): [Meet Joshua Rogers, a Security Engineer and hacker based in Poland. Discover his background in cybersecurity, system administration, and retro gaming history.](https://joshua.hu/about) - [Contact](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/menu/contact.md): [Get in touch with Joshua Rogers for security engineering, penetration testing, or collaboration. Connect via email or LinkedIn for contracting opportunities.](https://joshua.hu/contact) - [Ideas](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/menu/ideas.md): [Explore a collection of cybersecurity research ideas and future projects by Joshua Rogers](https://joshua.hu/ideas) - [Projects](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/menu/projects.md): [Browse the portfolio of Joshua Rogers, featuring security tools like SSH-Snake and PikeProof, mathematical modeling, and video game history research.](https://joshua.hu/projects) - [Security Engineering & Penetration Testing Services](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/menu/services.md): [Expert Security Engineering & Penetration Testing services. Get candid findings, code review, and secure architecture design by Joshua Rogers.](https://joshua.hu/services) - [Topics](https://raw.githubusercontent.com/megamansec/joshuahu/refs/heads/gh-pages/menu/topics.md): [Browse the various posts written by Joshua Rogers, ordered and grouped by category.](https://joshua.hu/topics) ===============================================================================