infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and to provide in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@SecurityWriter Strong Dwayne Elizondo Mountain Dew Herbert Camacho vibes!
this post | permalink
Narrator: "Here's how the hack actually works"
Narrator: *Not actually explaining how the hack works.*

Gotta love USA-style storytelling!
this post | permalink
I think I should display this somewhere in a frame

https://youtu.be/My_13FXODdU?si=5l_PiCdfXbY3ohSx&t=540
this post | permalink
Computer History IBM 1130 System Engineering 1965

https://www.youtube.com/watch?v=SNqii4Hnu9A
this post | permalink
[RSS] Pwn everything Bounce everywhere all at once (part 2)

http://blog.quarkslab.com/pwn-everything-bounce-everywhere-all-at-once-part-2.html

New pre-auth RCE exploit chains for old SOPlanning bugs #NoCVE
this post | permalink
[RSS] Pwn everything Bounce everywhere all at once (part 1)

http://blog.quarkslab.com/pwn-everything-bounce-everywhere-all-at-once-part-1.html

Blast from the past: new, configuration independent exploitation method of CVE-2009-1151 (pre-auth RCE in phpMyAdmin)
this post | permalink
@codecolorist This is epic!
this post | permalink
@freddy IME consultants (incl. pentesters) are hired in large part to outsource responsibility. We all know testing can't be perfect, but if there was a test and still there was an exploited bug, you have a scapegoat.

Example: you discover 10 SQLis, which is a lot. Dev fixes all of them but doesn't go any further in root cause analysis. When the 11th SQLi gets exploited it will be the pentester's fault that it was not in the report, because a) people think in checkbox lists b) doing proper analysis is expensive c) the consultant is not "one of us" ...
this post | permalink
@lcamtuf "given the opportunity to pretend to be an AI" is genius!
this post | permalink
This is a pretty good summary of #pentest as a profession:

https://www.reddit.com/r/Pentesting/comments/1ixoq2g/pentesting_is_the_hardest_cybersecurity/

(I don't think comparisons to other fields make much sense though)
this post | permalink