infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

By the Creek hosts some absolute bangers! Parfait is 🤯


https://www.youtube.com/watch?v=vzuGFmHx8Is
this post | permalink
@joxean @simontsui I guess they are supposed to be called WatchGuard these days but renaming things is hard...
this post | permalink
I wonder which #RedTeam was 1337 enough to burn some Panda driver 0-days during engagement!

Anyway, I added the incident to AVPWN:

https://github.com/v-p-b/avpwn/commit/17e31ed9d3d1a3bbd2c61532c2da25350573f050

Original story (thx @simontsui for sharing!): https://news.sophos.com/en-us/2024/01/25/multiple-vulnerabilities-discovered-in-widely-used-security-driver/
this post | permalink
@simontsui Coincidentally, this propaganda account is posting about Kaspersky's dealings with Iranian steel mills:

https://twitter.com/KasperSekrets/status/1750244617688150050
this post | permalink
@joxean Not exactly what you are looking for but you can update the AddressSet of the function with Function.setBody(): https://ghidra.re/ghidra_docs/api/ghidra/program/model/listing/Function.html#setBody(ghidra.program.model.address.AddressSetView)
this post | permalink
[RSS] The dangerous implementations of the IMemory­Buffer­Reference.Closed event

https://devblogs.microsoft.com/oldnewthing/20240124-00/?p=109311
this post | permalink
[RSS] Reverse Engineering ShapeSecurity's Javascript VM

https://www.botting.rocks/shapesecuritys-javascript-vm-part-1
this post | permalink
[Yarden Shafir @ X] RT by @yarden_shafir: found a critical bug that exists in every Linux boot loader signed in the past decade 🥰

This is CVE-2023-40547

https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d
this post | permalink
Exploit for CVE-2022-4262

Type Confusion in V8, exploited in the wild

https://github.com/mistymntncop/CVE-2022-4262
this post | permalink
[oss-security] Xen Security Advisory 448 v2 (CVE-2023-46838) - Linux: netback
processing of zero-length transmit fragment

"An unprivileged guest can cause Denial of Service (DoS) of the host by
sending network packets to the backend, causing the backend to crash."

https://www.openwall.com/lists/oss-security/2024/01/22/2
this post | permalink
Next Page