infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

I created a library from prefetch-tool so you can more easily experiment with side-channel #KASLR bypasses on Windows:

https://github.com/v-p-b/prefetch-lib

For dogfooding I exploited HEVD on Windows 11 24H2:

https://github.com/v-p-b/HEVD-prefetch
this post | permalink
@jerry @cR0w You are joking but: https://threadreaderapp.com/thread/1932079435571671137.html
this post | permalink
@erik @GossiTheDog I definitely wouldn't rule out time warps.
this post | permalink
@GossiTheDog Friday the 13th's bugs hatched during the weekend I guess
this post | permalink
[oss-security] CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract

https://www.openwall.com/lists/oss-security/2025/06/16/5

Exquisite bug!
this post | permalink
@patcharcana @cR0w https://www.youtube.com/watch?v=mW9PvYYH9lA
this post | permalink
[RSS] Offline Extraction of Symantec Account Connectivity Credentials (ACCs)

https://itm4n.github.io/offline-extraction-of-symantec-account-connectivity-credentials/
this post | permalink
It's great to have everything-as-code because of reproducibility, etc., except now the cloud infra you are targeting can and will randomly fail in unpredictable ways.
this post | permalink
Another #Rust adventure for the weekend:

Signed/unsigned (two's complement) command-line integer converter based on num_bigint:

https://github.com/v-p-b/twos

Designing the interface was surprisingly tricky, no wonder most online converters aren't great...
this post | permalink
I also tried to do a diff on CLFS.sys to track down CVE-2025-32713 but #Ghidra fails to decompile multiple functions so the output is not as clean as I wished it to be:

https://gist.github.com/v-p-b/b180fa1b0e2b391153a0c7fca265a104

This #PatchTuesday sparked no joy :(
this post | permalink
Next Page