infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

A little bird told me that the schedule of #AlligatorConEU is online:

https://alligatorcon.eu/
this post | permalink
@dcoderlt also a filter by language
this post | permalink
[RSS] C++ Unwind Metadata: A Hidden Reverse Engineering Bonanza

http://www.msreverseengineering.com/blog/2024/8/20/c-unwind-metadata-1

#ReverseEngineering
this post | permalink
CVE-2024-5535: `SSL_select_next_proto` buffer overread celebrating a decade of publishing your heap over the internet

https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html

Missed this one earlier, pretty fun bug and good writeup!
this post | permalink
[RSS] Details about CVE-2024-22263: Spring Cloud Dataflow Arbitrary File Writing

https://blog.securelayer7.net/spring-cloud-data-flow-exploit/
this post | permalink
[RSS] “YOLO” is not a valid hash construction

https://blog.trailofbits.com/2024/08/21/yolo-is-not-a-valid-hash-construction/
this post | permalink
[RSS] An Introduction to GCPwn – Parts 2 and 3

https://www.netspi.com/blog/technical-blog/cloud-pentesting/introduction-to-gcpwn-parts-2-and-3/
this post | permalink
@binaryninja Unfortunately it's not straightforward, since it's not trivial to find these resources in the first place when one just wants to launch the software.

Also note that while the linked Qt repos seem to document necessary dependencies, these are for building the sw (-dev packages), while for simply running these are unnecessary. The Open Source page includes libraries that are statically linked with the code along with dynamic dependencies, and it doesn't mention at least the necessary extensions for libxcb.
this post | permalink
@tychotithonus IMO if you feel like the enthusiasm for a new Phrack release is too much there is hope.
this post | permalink
The missing guide to the security of filesystems and file APIs (v1) by @gergelykalman

https://gergelykalman.com/the-missing-guide-to-the-security-of-filesystems-and-file-apis.html
this post | permalink