infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] Hunting CVE-2025-59287 in Memory Dumps

https://medium.com/@Debugger/hunting-cve-2025-59287-in-memory-dumps-b70afd7d2dcf?source=rss-3ba65b326b28------2
this post | permalink
@tshirtman @cs @tmr232 @nieldk You are right and it even seems to be my code dammit! Thanks for your help!
this post | permalink
@tmr232 @nieldk @cs @tshirtman Thanks for the responses, but my diagnosis was wrong - although I still don't quite get it: it turns out that the object I'm writing out (json.dump) contains a list that gets extended by the script (this sort of explains why I'm writing out more and more data), BUT the list is part of an object that I reinstantiate on every run, which should empty the list (I call super() with an empty list). Problem is the (super)class is generated code and I suspect the list is not in fact an object member but a static class variable that may cause this??
this post | permalink
OK so either I have a fundamental misunderstanding of how #Python I/O works, or this is a bug:

I have a `with open(..., "w") as foo:` block in my script. If I execute it twice (now from #IDA, and I experienced the same with #Ghidra) the contents are _appended_ instead of truncating the output first!

WT actual F?!
this post | permalink
@Viss
this post | permalink
All I want for Xmas is sane documentation <3
this post | permalink
Dropping a Xmas-sploit for CVE-2025-14847
this post | permalink
@GossiTheDog Maybe you are confusing MariaDB with MongoDB in their relation to MySQL?
this post | permalink
I truly appreciate the work of those who keep an eye on threats during the holiday season, but:

- MongoDB has nothing to do with MySQL
- A memory disclosure is not an RCE (but you should probably prioritize similarly in this case)

CVE-2025-14847
this post | permalink
@Viss wait since when is PTP spelled "pen test partners" (as in partners testing pens)?
this post | permalink