infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[oss-security] Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591)

https://seclists.org/oss-sec/2025/q1/201

Below: "A time traveling resource monitor for modern Linux systems" <- this sounds pretty cool!

https://github.com/facebookincubator/below
this post | permalink
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799 /CVE-2025-24801)

https://blog.lexfo.fr/glpi-sql-to-rce.html

GLPI: "The most complete open source service management software"
this post | permalink
Unraveling Time: A Deep Dive into TTD Instruction Emulation Bugs

https://cloud.google.com/blog/topics/threat-intelligence/ttd-instruction-emulation-bugs?linkId=13384255
this post | permalink
[RSS] Reviving the modprobe_path Technique: Overcoming search_binary_handler() Patch

https://blog.theori.io/reviving-the-modprobe-path-technique-overcoming-search-binary-handler-patch-2dcb8f0fae04?source=rss-4b564abdafa3------2
this post | permalink
The only reasonable reaction to this is to unfollow ofc
this post | permalink
[RSS] Detecting and Mitigating the Apache Camel Vulnerability CVE-2025-27636

https://www.akamai.com/blog/security-research/march-apache-camel-vulnerability-detections-and-mitigations
this post | permalink
Analysis of CVE-2025-24813 Apache Tomcat Path Equivalence RCE

https://scrapco.de/blog/analysis-of-cve-2025-24813-apache-tomcat-path-equivalence-rce.html
this post | permalink
The Tomcat RCE is pretty fun, fortunately requirements look quite unusual. I'll write this up soonish, but first I have some hardware to fix...
this post | permalink
@ra6bit IME pentest can facilitate those things, e.g. I think every pentester has a story when the clients first inventory was compiled because it was needed for pentest scoping. Ofc this is far from ideal, but at least drives things in the right direction
this post | permalink
@wdormann signed, Dwayne Elizondo Mountain Dew Herbert Camacho
this post | permalink
Next Page