infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

"Do you wish Time Travel Debugging was faster and more lightweight? Our latest version lets you decide exactly what you want recorded! Select modules to record or use the API for full control. Get your recording just the way you like it. Crusts optional."

#TimeTravelDebugging #reverseengineering #windbg

https://learn.microsoft.com/en-us/windows-hardware/drivers/debuggercmds/time-travel-debugging-overview

Source: https://twitter.com/KensyAtMS/status/1751038723196649967
this post | permalink
With Nitter dying it's very unlikely I'll be able to funnel news from the birdsite anymore.

#infosec Fedi must get their shit together, because it's clear that a significant chunk of relevant content simply doesn't show up here.

Share knowledge. Make it discoverable.

Reposts appreciated!
this post | permalink
I guess I have to add another item to my "reflective XSS exploited in the wild" list (still less than 5 elements though)

https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
this post | permalink
[dmnk@infosec.exchange @ X] RT by @domenuk: I know I'm late for Christmas presents but I've added dynamic instrumentation filtering to AFL++. You can now select which parts of the (llvmnative) instrumentation you want to use at runtime, without rebuilding

https://github.com/AFLplusplus/AFLplusplus/tree/dev/utils/dynamic_covfilter
this post | permalink
[blasty @ X] R to @bl4sty: here's a little look behind the scenes. the Autel EV charger is remotely puppeteered through a RPi over SSH. The android phone was used to develop some BLE exploits because pybluez is hard/flaky (apparently). The camera-tiewrapped-to-a-selfiestick was used to stream the display.

https://twitter.com/bl4sty/status/1750872852063035872
this post | permalink
@fourlastor @vlt @jerry There is also https://www.hybrid-analysis.com/ . My guess would be flagging "running java from an exe" as suspicious/evasive behavior...
this post | permalink
This #Electron ipcRenderer thing kept bugging me so I created a demo and wrote down what I've found:

https://github.com/v-p-b/electron-ipcrenderer

Am I missing something? Please let me know!

#electronjs #security
this post | permalink
@osxreverser "Something is better than nothing" - by this logic even the "Cobra Law"[1] was an admirable step despite its counter-productivity.

But I'm curious about your opinion on what specific benefits *does* this regulation bring to the table?

[1] https://medium.com/@markel0504/the-backfire-of-the-indian-cobra-law-d6f37611ad6b
this post | permalink
@osxreverser Yes, companies don't give a fuck, that's why *good* regulation would be necessary. Now we have a bad one and regulators can sit back saying they did their job while meaningless banners are shit all over the web.
this post | permalink
@osxreverser The EU created regulation that can be circumvented on the expense of the citizens it was meant to protect. Tell me how this is good regulation...
this post | permalink
Next Page