infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] From Support Ticket to Zero Day (CVE-2025-8356, CVE-2025-8355 - Xerox FreeFlow Core)

https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/
this post | permalink
TIL Amyl and the Sniffers is on Bandcamp, and there goes my allowance...

https://amylandthesniffers.bandcamp.com/
this post | permalink
Aside of the awesome diagrams that Mermaid.js can generate I'd like to highlight this script that is really helpful when you want to figure out how #decompiler represents different pieces of code:

https://github.com/v-p-b/ghidra-cheat-sheet/blob/main/scripts/dump_clang.py

Sample output:

https://scrapco.de/ghidra-cheat-sheet/decompiler/structure_samples/
this post | permalink
To prevent further frustration from forgotten tricks I brain dumped the less-than-obvious stuff that I can remember from #Ghidra development in my brand new Ghidra Dev Cheat Sheet:

https://scrapco.de/ghidra-cheat-sheet/

PR's and suggestions are most welcome!
this post | permalink
TIL about Operation Midnight Climax

https://en.wikipedia.org/wiki/Operation_Midnight_Climax
this post | permalink
This is a totally valid unit for any CI pipeline!

RE: https://chaos.social/@weirdunits/115020402704312177
this post | permalink
Today I treat myself with some Igorrr

https://igorrr.bandcamp.com/album/amen
this post | permalink
[FD] PlayReady Activation protocol issues (weak auth / fake client identities)

https://seclists.org/fulldisclosure/2025/Aug/3

"PlayReady Activation service does not implement real authentication, but
some form of obfuscated identification scheme [...] Arbitrary PlayReady identity can be requested by the client through public API" and more...
this post | permalink
Oh shit it's Patch Tuesday...
this post | permalink
@borup It's also good to remember that the EU still did nothing to stop this malpractice.

(I'd also argue again that the regulation is bad if malicious actors can abuse it while low-resource ones simply follow the path of least resistance because they lack the required understanding/skills)

#HillsToDieOn
this post | permalink
Next Page