bednars.me

bednars.me Minimalistyczny blog w stylu retro https://bednars.me WinPE as a stateless harness for Windows driver testing and fuzzing Eliminate the overhead and lack of idempotency of a full Windows system in automated testing. A practical guide to configuring WinPE and QEMU for lightning-fast boot, automating kernel debugging, and avoiding KDNET pitfalls. https://bednars.me/blog/winpe-harness https://bednars.me/blog/winpe-harness Sun, 28 Jun 2026 00:00:00 GMT Some blog updates and the end of 'Agitka' I write about the recent updates to this blog and the decision to shut down the 'Agitka' editorial project, reflecting on the challenges and lessons learned from that experience. https://bednars.me/blog/updates-and-end-of-agitka https://bednars.me/blog/updates-and-end-of-agitka Sat, 30 May 2026 00:00:00 GMT Security of LLM inference during runtime I present a practical demonstration of how the integrity of a language model can be compromised during inference by modifying quantized weights in a GGUF file without restarting the server or injecting code. This highlights the importance of considering model storage and memory mapping in LLM security. https://bednars.me/blog/llm-integrity-during-inference-llama https://bednars.me/blog/llm-integrity-during-inference-llama Tue, 10 Mar 2026 00:00:00 GMT How I found a vulnerability in WP mail? I write about how I discovered a vulnerability in the Wirtualna Polska (WP) mail service, which allowed me to execute stored XSS in user session. I explain the technical details of the bug, how I exploited it, and the response from WP's security team. https://bednars.me/blog/how-i-found-a-vulnerability-in-wp https://bednars.me/blog/how-i-found-a-vulnerability-in-wp Tue, 17 Feb 2026 00:00:00 GMT Stealing AI models through a public API I write about how publicly exposed AI features can be exploited to extract models and perform free inference, highlighting the risks of model theft and the potential for systematic misuse of AI APIs. https://bednars.me/blog/stealing-ai-models https://bednars.me/blog/stealing-ai-models Fri, 14 Nov 2025 00:00:00 GMT Questions after the malware packer article Following explosive Reddit interest in the neural packer article, I respond to community questions and criticisms. I clarify PoC limitations, discuss practical attack vectors, and explore how hardware AI accelerators could bypass dynamic analysis and sandboxing. https://bednars.me/blog/malware-packer-questions https://bednars.me/blog/malware-packer-questions Tue, 01 Jul 2025 00:00:00 GMT LSTM or Transformer as "malware packer" Exploring how neural networks can be exploited to hide malicious code by leveraging overfitting and AI hardware accelerators. https://bednars.me/blog/lstm-malware-packer https://bednars.me/blog/lstm-malware-packer Sun, 29 Jun 2025 00:00:00 GMT