infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

So glad someone properly called out kWh!

https://www.youtube.com/watch?v=kkfIXUjkYqE

#CursedUnits
this post | permalink
@gsuberland https://www.youtube.com/watch?v=239vHrwt8Rs ?
this post | permalink
Slides like this will always have a special place in my heart! Source:

https://www.youtube.com/watch?v=goEb7eKj660
this post | permalink
[oss-security] pam_namespace local privilege escalation (CVE-2025-6020)

https://www.openwall.com/lists/oss-security/2025/06/17/1
this post | permalink
@drwhax @0xCDE you guys see work done at construction sites? (over here they usually just raise some fences, get the bosses cars parked then nothing happens for weeks)
this post | permalink
[oss-security] "the security policy of libxml2 has been changed to disclose vulnerabilities before fixes are available"

https://www.openwall.com/lists/oss-security/2025/06/16/6

CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170

CVE-2025-6021 looks like the most severe (integer overflow in xmlBuildQName())
this post | permalink
Off-By-One Conference Day 1&2 videos, without stupid redirectors:

https://www.youtube.com/playlist?list=PLiIDIO1Gp6V9t5jA1WnTVAfHNPPR9OhSx

https://www.youtube.com/playlist?list=PLiIDIO1Gp6V8_CMvMVabhyeABTW1yZrRZ
this post | permalink
@joxean Or engineering archeology?
this post | permalink
[RSS] Junk Code Engines for Polymorphic Malware

https://r0keb.github.io/posts/Junk-Code-Engines-for-Polymorphic-Malware/
this post | permalink
I created a library from prefetch-tool so you can more easily experiment with side-channel #KASLR bypasses on Windows:

https://github.com/v-p-b/prefetch-lib

For dogfooding I exploited HEVD on Windows 11 24H2:

https://github.com/v-p-b/HEVD-prefetch
this post | permalink
Next Page