infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] Llama's Paradox - Delving deep into Llama.cpp and exploiting Llama.cpp's Heap Maze, from Heap-Overflow to Remote-Code Execution

https://retr0.blog/blog/llama-rpc-rce
this post | permalink
[RSS] Blasting Past Webp

https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html

An analysis of the NSO BLASTPASS iMessage exploit
this post | permalink
@nixfreak submodules maybe? also pls note that I linked an experimental branch, you'll be better off with upstream. if you encounter problems please use the GH issue tracker so others can learn from the answers too!
this post | permalink
Some quality Hungarian death metal (from Bandcamp Daily):

https://mesacounojo.bandcamp.com/album/t-viskert-a-k-s-rt-s-r-k-rzete-lid-rcharang
this post | permalink
Here's how it looks
this post | permalink
As you probably know loadlibrary by @taviso can load Windows DLL's - including Windows Defenders mpengine.dll - on Linux.

Since the loader needed some debugging I ended up figuring out how to load the Linux-native mpclient into #Ghidra's debugger and use it to debug the PE module too:

https://github.com/v-p-b/loadlibrary/blob/x64_waffle/GHIDRA.md

This can spare an IDA license and performing dark arts with awk and gas...which is actually pretty badass, so if you want to keep doing that without IDA here's a Ghidra script too:

https://gist.github.com/v-p-b/c7d934234297158047b678f655c7d99f
this post | permalink
CVE-2025-30232 Exim use-after-free can potentially lead to privilege escalation

https://exim.org/static/doc/security/CVE-2025-30232.txt

(was ZDI-CAN-26250)
this post | permalink
[RSS] Android VRP Announces AutoRepro - $1,000 bonus for eligible submissions!

https://bughunters.google.com/blog/6496960683835392/android-vrp-announces-autorepro-1-000-bonus-for-eligible-submissions
this post | permalink
@rk @lizzy I'm sorry there's just too much meme potential in this post!
this post | permalink
@lizzy
this post | permalink
Next Page