infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

Has anyone set up kernel debugging with a Windows 11 target with Proxmox (QEMU-KVM)?

This only works with Win10, Win11 doesn't boot for me:

https://forum.proxmox.com/threads/windbg-remote-kernel-debugging-and-proxmox-not-working.163625/

Serial would also be an option if I could make them recognized by guests:

https://forum.proxmox.com/threads/two-windows-guests-communicating-via-serial-console-comn.67588/
this post | permalink
@Viss sauce plz
this post | permalink
A casual player finds a memory corruption in Super Mario allowing arbitrary code execution and speedrunners exploit it *by hand* to warp to the credits screen.

https://www.youtube.com/watch?v=WdadpHLAfdA

#GameHacking is really something else!
this post | permalink
Had to make a proper GIF of this
this post | permalink
@martinvermeer @oivaeskola
this post | permalink
Blasting Past iOS 18

https://blog.dfsec.com/ios/2025/05/30/blasting-past-ios-18/

(Corrected link)
this post | permalink
[RSS] Blasting Past iOS 18

https://blog.dfsec.com/ios/2025/05/29/blasting-past-ios-18/

Edit: seems I have caught a pre-release post, whoops...
this post | permalink
It seems #IBMi ACS users keep strugling with Win11 hardenings:

https://www.ibm.com/support/pages/node/7180720?myns=swgother&mynp=OCSWG60&mync=A&cm_sp=swgother-_-OCSWG60-_-A

Here's my previous analysis of the problem:

https://blog.silentsignal.eu/2025/01/21/ibm-acs-password-dump/
this post | permalink
[RSS] Achieving Persistent Client-Side Attacks with a Single WeChat Message

https://www.darknavy.org/blog/achieving_persistent_client_side_attacks_with_a_single_wechat_message/
this post | permalink
[oss-security] CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

https://www.openwall.com/lists/oss-security/2025/05/28/6

I wonder if the now restricted behavior is useful for #deserialization gadgets (I couldn't find references to declaredClass abuse, but haven't finished my coffee yet either...)?
this post | permalink
Next Page