infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@freddy IME a consultants (incl pentesters) are hired in large part to outsource responsibility. We all know testing can't be perfect, but if there was a test and still there was an exploited bug, you have a scapegoat.

Example: you discover 10 SQLi's, which is a lot. Dev fixes all of them bit doesn't go any further in root cause analysis. When the 11th SQLi gets exploited it will be the pentesters fault that it was not in the report, because a) people think in checkbox lists b) doing proper analysis is expensive c) the consultant is not "one of us" ...
this post | permalink
@lcamtuf "given the opportunity to pretend to be an AI" is genius!
this post | permalink
This is a pretty good summary of #pentest as a profession:

https://www.reddit.com/r/Pentesting/comments/1ixoq2g/pentesting_is_the_hardest_cybersecurity/

(I don't think comparisons to other fields makes much sense though)
this post | permalink
@yeslikethefood @raptor For some time I went to IT expos for the target trialware
this post | permalink
[RSS] Reverse Engineering PowerPoint's XML to Build a Slide Generator

https://merlinai.framer.website/blog/ppt-generator
this post | permalink
[RSS] Mixing up Public and Private Keys in OpenID Connect deployments

https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html
this post | permalink
Fediverse is protecting my mental health by not showing my own posts to me again
this post | permalink
Look at this gem I just found:

Using WinDbg Over KDNet on QEMU-KVM

https://www.osr.com/blog/2021/10/05/using-windbg-over-kdnet-on-qemu-kvm/

"The enlightenments that are enabled by default include setting the hypervisor ID to the same ID that’s reported by Microsoft Hyper-V (which is “Microsoft Hv”). [...] when the KDNet transport initializes, it checks the hypervisor ID, and if it discovers it is running under Microsoft Hyper-V [...] it attempts to open a debugger connection using an undocumented protocol over a synthetic hypervisor-owned debug device that Hyper-V provides."

I'll give this a shot tomorrow on Proxmox and I'll drink something strong if modifying the hypervisor ID actually solves my issues! :D

#windbg #reverseengineering #proxmox #kvm
this post | permalink
@mttaggart @cR0w @Sempf +1 for disposable VM's/containers vs the cluttered mess these "purpose built" distros are!

*Proud to be n00b*
this post | permalink
@hajovonta @kravietz Is the infrastructure better in the UA offering? If the infra isn't there at UA side either than this factor you described doesn't seem to affect the positions of parties involved.
this post | permalink
Next Page