infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

Unfortunately this #PatchTuesday introduced another Lua script to Defenders signature DB that breaks loadlibrary even with trivial scan targets :( I started to track the issue in my fork:

https://github.com/v-p-b/loadlibrary/issues/2

The good news is I fixed the cert store so Authenticode with PCA 2024 will work. and you should still be able to experiment with e.g. the unpackers by disabling the Lua VM, as described here:

https://scrapco.de/blog/fuzzing-windows-defender-with-loadlibrary-in-2025.html#fuzzing
this post | permalink
[RSS] CVE-2025-26685 - Spoofing to Elevate Privileges with Microsoft Defender for Identity

https://www.netspi.com/blog/technical-blog/network-pentesting/microsoft-defender-for-identity-spoofing-cve-2025-26685/
this post | permalink
[RSS] NTLM reflection is dead, long live NTLM reflection! - An in-depth analysis of CVE-2025-33073

https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025
this post | permalink
[RSS] Exploring Kernel Address Leakage via WARN()

https://u1f383.github.io/linux/2025/06/14/exploring-kernel-address-leakage-via-WARN.html
this post | permalink
[RSS] exploits.club Weekly Newsletter 75 - Speaker Hacking, Old Video Game Bugs, SecureBoot Bypasses, And More

https://blog.exploits.club/exploits-club-weekly-newsletter-75-speaker-hacking-old-video-game-bugs-secureboot-bypasses-and-more/
this post | permalink
@frycos Nice! Also, seriously go and touch some grass ;)
this post | permalink
@trou Looks pretty useful! In fact I've always wondered what made Cyber Chef so popular when the shell is *right there*. I also look for strengths/weaknesses of different tools (another similar one is rax2) as inspiration, so the more I see, the better!
this post | permalink
@stf Turns out it's surprisingly easy to create "liberal" parsers with the nom crate!
this post | permalink
REcover is a tool for approximately recovering the compile-unit layout from stripped binary executables.

https://github.com/huku-/recover
this post | permalink
With this, "Releasing from GitHub Actions" officially goes to my Cursed list: this time I spent 16 commits to get it right :P
this post | permalink
Next Page