infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@bradlarsen I (and SO) stand corrected then, thanks for the information!
this post | permalink
[RSS] What keeps kernel shadow stack effective against kernel exploits?

https://tandasat.github.io/blog/2025/04/02/sss.html
this post | permalink
LLM use case: as "github syntax highlighter" doesn't give very good results when I try to find out what GitHub specifically uses, I turned to FastGPT.

Its answer ("Tree-sitter grammars are used for syntax highlighting") was wrong, while it pointed to the correct SO answer (pointing to Linguist) as a reference:

https://stackoverflow.com/questions/8886360/what-javascript-syntax-highlighter-does-github-use
this post | permalink
@cR0w as I understand this is just pw guessing, no? The CVE seems shoehorned in as a buzzword...
this post | permalink
@wdormann @cR0w @pup @cy Could you do a run with `7z -mhe=on`?
this post | permalink
[RSS] Time Travel Analysis for fuzzing crash analysis

https://eshard.com/posts/back-to-the-crash

Accidental timing: this one from eShard is different from my previous #TimeTravelDebugging post!
this post | permalink
Sorry, I blogged:

Debugging loadlibrary Through Space and Time

https://scrapco.de/blog/debugging-loadlibrary-through-space-and-time.html

#ReverseEngineering #TimeTravelDebugging #rr #ASAN
this post | permalink
@froge @hacks4pancakes It depends how you define the "market". If you have pentests/a SOC solely because they're regulatory requirements, your perfect provider is one with a gang of amateurs working for peanuts. It's not only cheaper than the alternative, but you won't even have to deal with non-trivial vulnerabilities/alerts!

(Yes, there is such a market.)
this post | permalink
@hacks4pancakes "none of the jobs I just named are the typical entry level tracks of 'junior pen tester' and 'SOC analyst'"

I can only talk about pentesting, but my stance has long been that pentesting shouldn't have been an entry-level position in the first place. Inviting people to this path with 0 experience in dev or ops is a scam that has long-term negative effects on the industry as a whole.
this post | permalink
@wdormann @cy @cR0w I'm not saying pw guessing is not in the picture, but metadata can be a good prefilter (and also something to count with when testing).
this post | permalink