infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

After all these years I still rely on brute-force when it comes to copy-pasting on #Linux:

- Which paste should I use for vim's * and + buffers?
- Which clipboard is used by Java GUI's?
- Did JavaScript manage to put text on the clipboard this time? Which one?
- etc.

How do fellow #X11 users keep track of your clipboards?
this post | permalink
It's a lesser known fact that these bad boys are still used to serve Windows updates:
this post | permalink
/cc @realhackhistory
this post | permalink
Epstein and Steve Bannon discussing how to get spectrum boys^W^Whackers on their side as they are the "most powerful (dangerous) US group":

https://threadreaderapp.com/thread/2018146239716667744.html

Also, how to get Bannon to stage at DEFCON lol
this post | permalink
[RSS] vr2jb: Pwning the PlayStation VR2 using Sony's hidden recovery mode

https://bnuuy.solutions/2026/02/01/ps-vr2-recovery-mode.html
this post | permalink
[RSS] Pipe Dreams: Remote Code Execution via Quest Desktop Authority Named Pipe

https://www.netspi.com/blog/technical-blog/adversary-simulation/pipe-dreams-remote-code-execution-via-quest-desktop-authority-named-pipe/
this post | permalink
[RSS] Notepad++ Hijacked by State-Sponsored Hackers

https://notepad-plus-plus.org/news/hijacked-incident-info-update/
this post | permalink
#REshare exporter for #BinaryNinja is getting into shape! A sane API and good documentation made a world of difference, but of course I found a bit in the type system that required some hacks :)

https://github.com/v-p-b/reshare

Code coming next week after some more testing.

#ReverseEngineering
this post | permalink
From a single tiny bug recursion creates infinite tiny bugs that eat your program whole.
this post | permalink
@XC3LL Thanks for posting this, great to see someone has the guts to say the emperor is naked!

My 2c:
- Red Teams should be about the "difficult" things you mention at the end IMO. Spending resources on initial access is mostly pointless (from the client's perspective, finding 0d is always cool ofc) when a new blinky box exploit, leaked code signing cert, etc. is popping up every other week. IME many clients pay for (bad) initial access simulations because organizing assumed breach in-house is hard.
- A way to burst the bubbles you describe is to mandate scenarios based on real-world threat intel. But this works against intial access again, because RT's can't scale their R&D as black hats do (attack surface is clients vs the Internet).
this post | permalink
Next Page