infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

#REshare exporter for #BinaryNinja is getting into shape! A sane API and good documentation made a world of difference, but of course I found a bit in the type system that required some hacks :)

https://github.com/v-p-b/reshare

Code coming next week after some more testing.

#ReverseEngineering
this post | permalink
From a single tiny bug recursion creates infinite tiny bugs that eat your program whole.
this post | permalink
@XC3LL Thanks for posting this, great to see someone has the guts to say the emperor is naked!

My 2c:
- Red Teams should be about the "difficult" things you mention at the end IMO. Spending resources on initial access is mostly pointless (from the client's perspective, finding 0d is always cool ofc) when a new blinky box exploit, leaked code signing cert, etc. is popping up every other week. IME many clients pay for (bad) initial access simulations because organizing assumed breach in-house is hard.
- A way to burst the bubbles you describe is to mandate scenarios based on real-world threat intel. But this works against intial access again, because RT's can't scale their R&D as black hats do (attack surface is clients vs the Internet).
this post | permalink
More on this at Security Affairs:

https://securityaffairs.com/187515/laws-and-regulations/doj-releases-details-alleged-talented-hacker-working-for-jeffrey-epstein.html
this post | permalink
Raymond Chen published half dozen posts about SAFEARRAY handling:

What’s the difference between Safe­Array­Access­Data and Safe­Array­Add­Ref?
https://devblogs.microsoft.com/oldnewthing/20260126-00/?p=112016

A digression on the design and implementation of Safe­Array­Add­Ref and extending APIs in general
https://devblogs.microsoft.com/oldnewthing/20260127-00/?p=112018

Why did I lose the data even though I called Safe­Array­Add­Ref?
https://devblogs.microsoft.com/oldnewthing/20260128-00/?p=112021

How can I retain access to the data in a SAFEARRAY after my method returns?
https://devblogs.microsoft.com/oldnewthing/20260129-00/?p=112023

Why not store the SAFEARRAY reference count as a hidden allocation next to the SAFEARRAY?
https://devblogs.microsoft.com/oldnewthing/20260130-00/?p=112025
this post | permalink
[RSS] A digression on the design and implementation of Safe-Array-Add-Ref and extending APIs in general

https://devblogs.microsoft.com/oldnewthing/20260127-00/?p=112018
this post | permalink
[RSS] Why not store the SAFEARRAY reference count as a hidden allocation next to the SAFEARRAY?

https://devblogs.microsoft.com/oldnewthing/20260130-00/?p=112025
this post | permalink
[RSS] Reverse engineering of Schneider Electric PLC "archive" file format

https://github.com/finngineering/apxutil
this post | permalink
"New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson
[...]
Because the iPhone was in Lockdown mode, CART could not extract that device"

https://www.reddit.com/r/privacy/comments/1qsmy8g/fbi_was_not_able_to_extract_data_from_iphone_13/
this post | permalink
"Former BlackHat board member Vincenzo Iozzo, and co-author of iOS Hacker's Handbook, had a relationship with Jeffrey Epstein.

It appears Epstein attended DEFCON and/or BlackHat in 2013 and 2015, possibly 2016."

https://x.com/vxunderground/status/2017673353335542039

/via @vxunderground
this post | permalink
Next Page