infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host to save the items from my own feeds to the Wayback Machine and to provide in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

#BurpSuite #UX

I'm a bit ashamed to admit how much I like this track

https://www.youtube.com/watch?v=BxJLuHGZj6w

@robb "We assume people are not sociopath and that most of them wants to be good citizen. " - Except companies are not people...

"It’s a dangerous line of thinking" - Slippery slope? It's also dangerous that regulators throw their hands in the air saying "we did regulation, now everything is fine, please move on", while the regulation resulted in massive negative externalities that don't seem to go away anytime soon. By this reasoning the Cobra-law should still be in effect.

[RSS] Pwn2Own Vancouver 2024 - The Full Schedule

https://www.thezdi.com/blog/2024/3/19/pwn2own-vancouver-2024-the-full-schedule

@gim @finestructure
- If you can make the rules (define the enemy, declare war), then you are not simply complying, so that's a different story
- If the definition of enemy (as part of the rule) allows one to ~arbitrarily decide who they can hurt, then it is the rule that needs some refinement, see my original point.
(Note that the main rule is still sparing human life, so even considering crime by strict obedience the worst case is you becoming Batman)

@simontsui 100% agreed! It's still a shame that the entry couldn't be marked as REJECTED, just like in the case of that curl bug.

@lorenzofb Spouseware/keyloggers/trojans are def spyware IMO (their purpose is to spy on victims), and they are often installed with legit access (w/o exploits).

[RSS] CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster

https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/

[RSS] Java deserialization tricks

https://www.synacktiv.com/en/publications/java-deserialization-tricks

This is mostly about defense evasion and post-exploitation.

Looks like another case of CVE abuse:

https://helm.sh/blog/response-cve-2019-25210/