infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@loke @bagder As pentesters we regularly argued about whether a behavior can be considered a vulnerability or not. A resolution strategy that almost always worked is to ask ourselves what our recommended fix would be. Maybe including such a question in the report template could help prevent/resolve similar misunderstandings?
@bagder I started by tracking back line numbers, good for you to have some experience with the curl API :)
@bagder Attached fuzzer not matching with the provided ASAN report is an especially nice touch...
@cR0w https://www.reddit.com/r/netsec/comments/1mryiha/elastic_edr_0day_microsoftsigned_driver_can_be/

(note that I said entertaining, not informative or useful...)
That "EDR 0-day" post on reddit is quite entertaining!
@codecolorist This hits hard after having spent many hours debugging shell escapes in cmdexec payloads... PowerShell is a harsh mistress, but it'd be even more gruesome if they had to do the same thing with cmd.exe :)
@albinowax Still the best one I could find for this task ;)
[RSS] tar-fs Link Directory Traversal Vulnerability

https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w

CVE-2025-48387
[RSS] SQLite - Integer Overflow in FTS5 Extension

https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g
@raptor @slashdot Don't forget though that he can live this way of life in large part because of his accomplishments (that also came with a substantial amount of money)