A beginner's guide to unexpected input 🧨

HIP - Track 1 - Room 5
DysphoricUnicorn
Are you the kind of person who enjoys putting weird stuff into web forms and watching them try to handle that? Would you put yourself on the chaotic side of an alignment chart? Is your reaction to "there be dragons" to invite the dragons in? In that case, this talk may be for you. I want to explain some of the most common kinds of unexpected input on a level that beginners should be able to understand.
I somehow can't stop myself from talking about emoji at conferences. And I don't even use those things that much. Well, I don't use them that much for what they're for. I generally put them in places where they are unexpected and watch stuff break. However, I don't only want to be "that emoji person", so for this talk, I want to start with some info about emoji, and some developments that have happened since my [talk at this year's GPN](https://media.ccc.de/v/gpn20-6-breaking-things-with-emoji-), but then move on to some more advanced topics like SQL injections, XSS and buffer overflows. All of that explained on a somewhat surface level so that people who don't know much about hacking can still follow and get some value out of the talk.

Additional information

Live Stream https://streaming.media.ccc.de/jev22/hip1
Type Talk/panel 30 min
Language English

More sessions

12/27/22
Theater Hall - E.T.I. (HiP main stage)
HIP - Track 1 - Room 5
Welcome to Hacking in Parallel. Let's fire this up.
12/27/22
Track 2 Room 2
davedarko
HIP - Track 2 - Room 2
Going through the reasoning and design decisions made while creating pentagon shaped PCBs and a case for a 12 sided platonic solid.
12/28/22
Camilo
HIP - Track 1 - Room 5
Introduction to open source PDKs for making custom ASICs and the work involved in taping out a small systolic array using only open-source tooling, and also applications to systolic arrays
12/28/22
HIP - Track 1 - Room 5
Librevent is a browser extension allowing any user to copy and republish (“scrape”) data about events posted on proprietary platforms onto free libre and open source decentralized networks. For now, Librevents focuses on liberating events data (description, date and time, location) from Facebook onto Mobilizon, an event-management platform alternative part of the Fediverse*. The intention behind Librevents is to feed alternative ethical platforms like Mobilizon with content, in order to help ...
12/28/22
mainhall stage - c-base
c-base mainhall
Matthias Maurer describes the Moon as our *springboard to Mars*. And not only for missions to the next planet, but also for far more distant destinations where no human has gone before, it will be indispensable to use the Moon as a training ground. With the help of our **CubeR**, the surface of the Moon is to become accessible to both science and industry. Our nano-rovers, developed according to an open standard, provide a foundation ...
12/28/22
Theater Hall - E.T.I. (HiP main stage)
Dennis Guse
HIP - Track 1 - Room 5
Most open-source projects have a limited lifetime: at some point in time development stops and the project becomes unmaintained. A lot of projects often do not even reach the stage where they are used by a critical mass of users. In this talk, I will go through the steps of continuing an open-source project using my lessons learned from forking Google's MyTracks and crafting it into OpenTracks.
12/28/22
Theater Hall - E.T.I. (HiP main stage)
hanemile
HIP - Track 1 - Room 5
Most bug bounty platforms list subdomain takeover as "not in scope", but could it be interesting anyways? Yes! This talk will show you what this kind of problem is and how it can be mitigated at scale (and where it isn't).