infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@devcoffee Selection/survival bias ("the technique always works in environments where it's the best technique"?) must have a role, good point!

But sticking with your example, having an other family of OS's in the dataset would easily explain the difference to the lab. Today I struggled with a Windows hardening, that seems to be the default, and Win10 should be Win10... Of course MS may roll out hardenings gradually, but somehow it's always like this no matter if I try to exploit an OS privesc or a webapp injection in my own lab (I'm also paranoid I guess :D).
this post | permalink
@skeletor I'm pretty sure after they finish wrestling they'll go together and kill whoever thought that was an appropriate glass of beer.
this post | permalink
@maldr0id "To keep things simple I'll just round down my monthly payment to a nice looking number"
this post | permalink
Are We Helping?

https://jackson-t.com/are-we-helping/

@Jackson_T writes about market failures of #RedTeaming, and he is not wrong.
this post | permalink
Pictures can tell stories, and these are some beautiful ones:

https://www.phoebeherring.com/
this post | permalink
@mumblegrepper That's absolutely true, but I usually try to model environment for a specific technique that I commonly use, and even with complete control I struggle to get the system to a vulnerable state, while in the real world everything seems vulnerable by default.
this post | permalink
Why do you think creating and pwning training environments is much harder than to apply the same techniques to real ones?
this post | permalink
@maldr0id Source please :D
this post | permalink
It's not exactly about bullying, but it had a therapeutic effect to look up the MS Teams product team on LinkedIn so I could assign faces to the decisions causing massive negative externalities...
this post | permalink
The real problem with anonymity - by @pluralistic

"There is a category of person who reliably uses a certain, specific kind of anonymity to do vicious things that inflicts serious harm on whole swathes of people: corporate bullies."

https://pluralistic.net/2024/03/04/greater-corporate-fuckward-theory/#counterintuit-ive
this post | permalink
Next Page