infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

Rage Against the Authentication State Machine

https://blog.silentsignal.eu/2025/06/14/gitblit-cve-CVE-2024-28080/

Beautiful authentication bypass in Gitblit from my old friends at @silentsignal !

CVE-2024-28080
this post | permalink
@ahihi "Sorry I can't hear you over the sound of my CRT monitor buzzing!"
this post | permalink
[RSS] exploits.club Weekly Newsletter 84 - Stealing Exploits, Competition Misconfigs, Android Physical Memory, And More

https://blog.exploits.club/exploits-club-weekly-newsletter-84-stealing-exploits-competition-misconfigs-android-physical-memory-and-more/
this post | permalink
[RSS] Partial Analysis of CVE-2025-38618

https://u1f383.github.io/linux/2025/08/28/partial-analysis-of-CVE-2025-38618.html
this post | permalink
@tychotithonus
this post | permalink
@tychotithonus Both statements are true but the threat function collapses as you try to exploit the box
this post | permalink
@trou Thanks, fixed in the original!
this post | permalink
@raptor cc @gergelykalman
this post | permalink
[RSS] A Quick Note on CVE-2025-38617

https://u1f383.github.io/android/2025/08/28/a-quick-note-on-CVE-2025-38617.html
this post | permalink
I combined DEVCORE's CVE-2024-35250 with the CVE-2024-30084 double fetch bug and the Cloud Filter memory trap technique by @tiraniddo to achieve reliable LPE without device requirements on Win10 VMs.

https://scrapco.de/blog/its-a-trap-reliable-exploitation-of-cve-2024-30084.html
this post | permalink
Next Page