18 Matching Annotations
  1. May 2026
    1. Gaining control of every projector and camera on campus
      • The Discovery: While attending the Colorado School of Mines, the author discovered that local DNS servers assign a unique subdomain to every device connecting to the campus Wi-Fi network.
      • Subdomain Enumeration:
        • Initial Attempts: The author first used Python and brute-force permutations to guess subdomains, but the asynchronous script was too slow.
        • Rust Optimization: Moving to Rust and optimizing the code (incrementing an integer and converting it to base 36) dramatically improved speed. The author bypassed the standard library by interacting directly with the UDP port and used Bash scripting to distribute offsets across multiple processes.
        • The Crash: The optimized Rust script generated queries so quickly (peaking at 4.04 Gbps) that it crashed the campus DNS server, causing a 15-minute network outage. School IT tracked the author down because they had spent two weeks talking openly about the project.
      • PTR Records: Realizing that brute forcing was unrealistic for longer subdomains, the author pivoted to DNS reverse lookups (PTR records), which mapped known active IP addresses back to hostnames.
      • Port Scanning and AF_XDP:
        • The author created a custom, lightweight network scanner called convoy utilizing Linux's AF_XDP to bypass the core network stack.
        • By scanning horizontally (one port across all machines before moving to the next), they safely achieved scan speeds of 300,000 ports per second on a single core.
      • Campus Exploitation:
        • Due to loose network restrictions surrounding wireless casting, certain subnets were accessible.
        • The scanner revealed 36 campus security cameras still using default passwords. Although deep packet inspection rules blocked live video streaming, the author reverse-engineered the web interface's API to synchronously manipulate camera positions.
        • They also found unprotected controls for almost every projector screen and input switch across the campus classrooms.
      • Reporting: The vulnerabilities were responsibly disclosed to campus IT, who stated the issues would be patched over the summer. The author received no financial compensation.

      Hacker News Discussion

      • Network Segmentation Failures: Users expressed shock that a modern university in 2026 would still run a completely flat network architecture, allowing unvetted student devices onto the same subnets as critical infrastructure, surveillance cameras, and IoT equipment without basic VLAN segmentation.
      • Lenient Academic Consequences: Commenters heavily debated the IT department's mild reaction to the network crash. Some argued that causing campus-wide outages warrants severe disciplinary action to prevent dangerous professional habits, while others recalled their own college days, noting that universities traditionally serve as a safe environment to learn boundaries and that harsh punishments only incentivize hackers to hide their findings.
      • Alternative Enumeration Techniques: Network professionals chimed in with alternative scanning methods, noting that hotel and public networks often share a single central DNS server across guest and internal networks, allowing easy reverse PTR record profiling. Others recommended utilizing broadcast mDNS/Bonjour for local device footprinting.
      • Industry Perspectives: Former project managers for AV hardware companies noted that modern firmware explicitly mandates changing default passwords upon setup, placing the blame squarely on poor campus IT implementation.
  2. Dec 2025
  3. Sep 2025
    1. Open source dependencies as supply chain risk and attack surface, versus how Obsidian mitigates against them:
      • reimplement small functions directly in your own code
      • fork modules and maintain them as your own code base
      • for large libraries, include version-locked files
      • strongly limit the third-party packages that ship in your code to others

      For those lockfiled dependencies have a process for updates (and for onboarding a new one), and don't quickly update what already works. Use time as a buffer: issues with 3rd party stuff will surface over time.

  4. Jan 2025
  5. Nov 2024
  6. Apr 2024
  7. Jan 2024
    1. 99% of businesses that fall below the enterprise poverty line.

      This SME-focused cybersecurity company, Huntress, mentions in its job posting an 'enterprise poverty line' for cybersecurity. In the Mastodon message announcing it, they call it 'the cybersecurity poverty line'. Meaning a Coasean floor [[Vloer en plafond van organiseren 20080307115436]], I assume?

  8. Mar 2023
  9. Jun 2021
  10. May 2021
  11. Mar 2021
    1. On the other hand, you might notice that this is a pretty goddamn low standard. In other words, in 2016 Android is still struggling to deploy encryption that achieves (lock screen) security that Apple figured out six years ago. And they’re not even getting it right. That doesn’t bode well for the long term security of Android users.

      Compare Android (full-disk) vs Apple (file-based) encryption strategies.

  12. Apr 2020
    1. Without same-origin policy, that hacker website could make authenticated malicious AJAX calls to https://examplebank.com/api to POST /withdraw even though the hacker website doesn’t have direct access to the bank’s cookies.

      Cross-domain vulnerability

  13. Oct 2016
  14. Aug 2016
  15. Nov 2014
    1. This criterion requires an independent security review has been performed within the 12 months prior to evaluation. This review must cover both the design and the implementation of the app and must be performed by a named auditing party that is independent of the tool's main development team. Audits by an independent security team within a large organization are sufficient. Recognizing that unpublished audits can be valuable, we do not require that the results of the audit have been made public, only that a named party is willing to verify that the audit took place.