Just a little hoax for my fellow security dudes and dudettes.

Details

Sometimes you see something and think: “Hey that would make a happy little joke to play with” and then some idea is stuck to your head. This is a little wannabe-funny hoax for security people and the hate we probably all have for “something”.

Don’t take it too serious. Never touch a running system!

Yeah I know, you don’t want to read this, so here, straight to the PoC.

⚠️ A small warning, this might cause some side effekts in your browser, however i mean it is just a browser or? What could go wrong?

<<-- Enter here for PoC -->>

Do as you wish

Think about the following situation: It is monday morning, you are still sipping on your first coffee and scrolling a little bit around for the Infosec stuff happened during the weekend. You land on some blog and your browser Tab crashes after showing the glimpse of a terminal. Was it a terminal? Damn, what happened?

This is like those Windows VMs, which booted directly show five or six terminals too fast to read, but you know you forget about some testing and how have some beacons running somewhere. Lovely, isn’t it?

So the idea was born, however it seemed a little bit boring to me, as yeah a small “good morning” call is nice but is it worth it?

Things got a little bit more fun, when I saw this:
https://x.com/RenwaX23/status/1991061104278319323

Hint on Twitter

So by using a little bit of data in a blob location, we can crash most browsers? Nice! What exactly will crash was a little bit unreliable during my testing. For e.g. under Qubes OS and Firefox the complete VM crashes, not only the browser. Under Android Firefox crashes completly, but the OS keeps fine. And under Chrome “just” the Tab crashes.

So, having a fake terminal pop up might leave most people unimpressed, but then crashing the browser might raise an eyebrow.

Just a little bit sus

PS: In case you came here for the memes, yes I am sorry, but I had no idea for this few sentences … Meme quality