infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host to save the items from my own feeds to the Wayback Machine and to provide in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

My RSS notified me about this interesting #ReverseEngineering tool, but when I opened the repo
- It included a README and a **.zip**
- The URL was written like this: https:\\www.exetools[.]net (surprisingly, it did even work in my browser!)

Absolutely barbaric!

@noctivius "get some practice with using tools and memorizing commands" - Spot on! IME people who "grew up" with these labs are too focused on these skills, while this is the easy part of the job. The hard part is to find where to dig.

I just read this (now deleted) question on Reddit:

"Wich One İs better Hack the box Or Try Hack me?" (sic!)

This may be unpopular, but IMO
1) Nothing beats building your own environments, as you'll learn *how* the stuff works and *why* misconfigs happen.
2) Real targets rarely have as limited attack surfaces as these lab machines. A crucial skill is to filter the data you get from initial scans (IIRC OSCP labs were more realistic in this aspect).

#TryHackMe #HackTheBox #pentest #training

[RSS] Spice86: Reverse engineer and rewrite real mode DOS programs

https://github.com/OpenRakis/Spice86

[RSS] From Zero to Emo - My Journey of Many Failures in kernelCTF

https://u1f383.github.io/linux/2025/02/21/from-zero-to-emo-my-journey-of-many-failures-in-kernelCTF.html

[RSS] Security Bulletin: IBM i is vulnerable to a user gaining elevated privileges due to an unqualified library call [CVE-2024-55898].

https://www.ibm.com/support/pages/node/7183835?myns=swgother&mynp=OCSWG60&mynp=OCSSB23CE&mynp=OCSSTS2D&mynp=OCSSC5L9&mynp=OCSS9QQS&mync=A&cm_sp=swgother-_-OCSWG60-OCSSB23CE-OCSSTS2D-OCSSC5L9-OCSS9QQS-_-A

[RSS] Pluralistic: Ad-tech targeting is an existential threat

https://pluralistic.net/2025/02/20/privacy-first-second-third/

@4Dgifts "Von Neumann himself attributed his generation's success to 'a coincidence of some cultural factors' that produced 'a feeling of extreme insecurity in the individuals, and the necessity to produce the unusual or face extinction'" (The Man from the Future, the Visionary Ideas of John von Neumann, quoting from Stanislaw Ulam's Adventures of a Mathematician)

Writing a #Ghidra processor module

https://irisc-research-syndicate.github.io/2025/02/14/writing-a-ghidra-processor-module/?ref=blog.exploits.club

"In this article we will create a Ghidra processor module for the iRISC processors, these processors are embedded in the ConnectX series of NICs from NVIDIA/Mellanox."

Not a beginner's tutorial, as it skims over many important steps and details, but still good to have more of these as there's always a trick or two to learn.

PostgreSQL 17.4, 16.8, 15.12, 14.17, and 13.20 Released

https://www.postgresql.org/about/news/postgresql-174-168-1512-1417-and-1320-released-3018/

This fixes a regression introduced by the latest vulnerability fix:

"The fix for CVE-2025-1094 caused the quoting functions to not honor their string length parameters and, in some cases, cause crashes."