If you have a bash command line of "exec program ..." and you can control the "..." can you make it not run the exec and do something different? The answer is yes. Even if "..." is somewhat sanitised for shell metacharacters. If you can inject $+] it will make bash error on that line and run the […]

For those of you who saw my BSides Canberra talk, here's a vulnerability I couldn't talk about in the talk, yet, but is very much in the spirit of it: https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984

Did you know Cloudflare documents how to use DNS in Google Sheets? Because if you have a problem, DNS is clearly the answer. https://developers.cloudflare.com/1.1.1.1/additional-options/dns-in-google-sheets/

I probably should have polished my @ComfyConAU talk. Instead I got sidetracked into wondering just how much I could tunnel over DNS: https://dgl.cx/2025/09/images-over-dns

Noticed my SLAAC IPv6 address happens to end in :fade. Fade to black?

I'll be speaking at BSides Canberra: https://cfp.bsidescbr.com.au/bsides-canberra-2025/talk/8TWF8X/ -- this will cover my recent find of an RCE in Git and how that and some other vulnerabilities could be used against developers. #bsides #security