infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

I just read this (now deleted) question on Reddit:

"Wich One İs better Hack the box Or Try Hack me?" (sic!)

This may be unpopular, but IMO
1) Nothing beats building your own environments, as you'll learn *how* the stuff works and *why* misconfigs happen.
2) Real targets rarely have as limited attack surfaces as these lab machines. A crucial skill is to filter the data you get from initial scans (IIRC OSCP labs were more realisting in this aspect).

#TryHackMe #HackTheBox #pentest #training
this post | permalink
[RSS] Spice86: Reverse engineer and rewrite real mode DOS programs

https://github.com/OpenRakis/Spice86
this post | permalink
[RSS] From Zero to Emo - My Journey of Many Failures in kernelCTF

https://u1f383.github.io/linux/2025/02/21/from-zero-to-emo-my-journey-of-many-failures-in-kernelCTF.html
this post | permalink
[RSS] Security Bulletin: IBM i is vulnerable to a user gaining elevated privileges due to an unqualified library call [CVE-2024-55898].

https://www.ibm.com/support/pages/node/7183835?myns=swgother&mynp=OCSWG60&mynp=OCSSB23CE&mynp=OCSSTS2D&mynp=OCSSC5L9&mynp=OCSS9QQS&mync=A&cm_sp=swgother-_-OCSWG60-OCSSB23CE-OCSSTS2D-OCSSC5L9-OCSS9QQS-_-A
this post | permalink
[RSS] Pluralistic: Ad-tech targeting is an existential threat

https://pluralistic.net/2025/02/20/privacy-first-second-third/
this post | permalink
@4Dgifts "Von Neumann himself attributed his generation's success to 'a coincidence of some cultural factors' that produced 'a feeling of extreme insecurity in the individuals, and the necessity to produce the unusual or face extinction'" (The Man from the Future, the Visionary Ideas of John von Neumann, quoting from Stanislaw Ulam's Andventures of a Mathematician)
this post | permalink
Writing a #Ghidra processor module

https://irisc-research-syndicate.github.io/2025/02/14/writing-a-ghidra-processor-module/?ref=blog.exploits.club

"In this article we will create a Ghidra processor module for the iRISC processors, these processors are embedded in the ConnectX series of NICs from NVIDIA/Mellanox."

Not a beginners tutorial, as it skims over many important steps and details, but still good to have more of these as there's always a trick or two to learn.
this post | permalink
PostgreSQL 17.4, 16.8, 15.12, 14.17, and 13.20 Released

https://www.postgresql.org/about/news/postgresql-174-168-1512-1417-and-1320-released-3018/

This fixes a regression introduced by the latest vulnerability fix:

"The fix for CVE-2025-1094 caused the quoting functions to not honor their string length parameters and, in some cases, cause crashes."
this post | permalink
CVE 2025-26794 - SQL injection in Exim

https://exim.org/static/doc/security/CVE-2025-26794.txt

Configs using SQLite may be vulnerable.
this post | permalink
[RSS] LSA Secrets: revisiting secretsdump

https://www.synacktiv.com/en/publications/lsa-secrets-revisiting-secretsdump
this post | permalink
Next Page