Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Historically, for DEF CON, you purchase everything in cash at the conference. This allows for people to remain anonymous if they would like to. Because of covid 19, you are supposed to buy the ticket online prior to the conference. With online data comes the potential for things to be leaked!

After Reznok purchased his ticket, there was a screen for reviewers the order with a click for the badge. The author noticed that he had no logged in and there was no token in the URL. Why not throw this into incognito?

When the author popped this into incognito mode, the payment information was still there! To make matters even worse, the ID was sequential, making these purchases easy to find. The author looked for a few other tickets then decided to report the finding to the Dark Tangent.

Reznok could have seen the name, ticket and email of all the people that had bought the tickets online. For a group of people that value anonymity, this is really bad! The issue was fixed quickly from the host company.