infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] #Ghidra 11.0.3 has been released!

https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.0.3_build

#ReverseEngineering
this post | permalink
@kurtseifried There are surely different solutions for different use-cases. E.g. in the general case I'd personally prefer my bank to lock the hell out of my account in case of multiple login failures. I usually say that even if throttling is out of question putting some alerting in place (preferably towards the user and SOC) can have significant impact on attacks. My general point is that since you control the key verification process you can get very creative with mitigations.
this post | permalink
@kurtseifried I'd take the current required brute-force strength of symmetric ciphers as a baseline (e.g. NIST recommendations). And yes, I would consider the number of targets to avoid collisions.

Also, a major factor to consider are server-side mitigations (lock-out, throttling, etc.), but those can fail more easily.
this post | permalink
Psilocybe Project really gets the good old full-on vibes going \o/

https://www.youtube.com/watch?v=XuUnoahz9T4
this post | permalink
Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation. (CVE-2023-36424)

https://github.com/Nassim-Asrir/CVE-2023-36424
this post | permalink
@spacerog @chompie1337 Here's the results summary: https://www.thezdi.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results
this post | permalink
@Pionir @thiagocsf @helenczerski @davidho Came to post this, thank you :D
this post | permalink
Is it me or Kindle's battery level indicator is a lying bastard?
this post | permalink
[RSS] Exploiting GLPI during a Red Team engagement

http://blog.quarkslab.com/exploiting-glpi-during-a-red-team-engagement.html

"GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing." This is CVE-2023-43813.
this post | permalink
[RSS] Pwn2Own Vancouver 2024 - Day Two Results

https://www.thezdi.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results
this post | permalink
Next Page