infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[ϻг_ϻε @ X] RT by @steventseeley: Sharing our writeup for Jumpserver Preauth RCE Exploit Chain

https://sites.google.com/site/zhiniangpeng/blogs/Jumpserver
this post | permalink
@marver Pwnies should have categories extended like "Best ... aside of Qualys"
this post | permalink
Analysis Of Multiple Vulnerabilities In Ofbiz

"This analysis explores Ofbiz, focusing on the main root cause behind CVE-2023-49070, CVE-2020-9496, and CVE-2023-51467"

https://blog.securelayer7.net/ofbiz-authentication-bypass-cve-2023-51467/
this post | permalink
CVE-2023-6246 is another great example by Qualys of turning a memory corruption into a reliable data-based primitive <3
this post | permalink
[RSS] Ghidra 11.0.1 has been released!

Minor release. Bugfixes mostly.

https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.0.1_build
this post | permalink
[Alex Plaskett @ X] RT by @alexjplaskett: Out-of-bounds read & write in the glibc's qsort(), @Qualys Security Advisory.

For the algorithm lovers: Nontransitive comparison functions lead to out-of-bounds read & write in glibc%27s qsort().

https://www.openwall.com/lists/oss-security/2024/01/30/7
this post | permalink
[Alex Plaskett @ X] RT by @alexjplaskett: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog(), @Qualys Security Advisory.

https://www.openwall.com/lists/oss-security/2024/01/30/6
this post | permalink
[Yarden Shafir @ X] Good morning! Here's a short post about the things I found when my computer started repeatedly crashing. Didn't fully fix the problem but discovered some fun things on the way

https://windows-internals.com/troubleshooting-a-system-crash/
this post | permalink
#reverseengineering

(/by pupOnSecurity@X)
this post | permalink
@swapgs Added: https://github.com/v-p-b/xss-reflections?tab=readme-ov-file#operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra---february-2022
this post | permalink
Next Page