June 28, 2026

WinPE as a stateless harness for Windows driver testing and fuzzing

Eliminate the overhead and lack of idempotency of a full Windows system in automated testing. A practical guide to configuring WinPE and QEMU for lightning-fast boot, automating kernel debugging, and avoiding KDNET pitfalls.

#winpe #windows #internals #ci-cd #kernel #nt #qemu
May 30, 2026

Some blog updates and the end of Agitka

I write about the recent updates to this blog and the decision to shut down the 'Agitka' editorial project, reflecting on the challenges and lessons learned from that experience.

#other #story #agitka
March 10, 2026

Security of LLM inference during runtime

I present a practical demonstration of how the integrity of a language model can be compromised during inference by modifying quantized weights in a GGUF file without restarting the server or injecting code. This highlights the importance of considering model storage and memory mapping in LLM security.

#llama #llm #inference #integrity
February 17, 2026

How I found a vulnerability in WP mail?

I write about how I discovered a vulnerability in the Wirtualna Polska (WP) mail service, which allowed me to execute stored XSS in a user's session. I explain the technical details of the bug, how I exploited it, and the response from WP's security team.

#security #vulnerability #wp #mail
November 14, 2025

Stealing AI models through a public API

I write about how publicly exposed AI features can be exploited to extract models and perform free inference, highlighting the risks of model theft and the potential for systematic misuse of AI APIs.

#security #ai #api #llm
July 1, 2025

Questions after the malware packer article

Following explosive Reddit interest in the neural packer article, I respond to community questions and criticisms. I clarify PoC limitations, discuss practical attack vectors, and explore how hardware AI accelerators could bypass dynamic analysis and sandboxing.

#ai #cybersecurity #malware
June 29, 2025

LSTM or Transformer as "malware packer"

Exploring how neural networks can be exploited to hide malicious code by leveraging overfitting and AI hardware accelerators.

#ai #cybersecurity #lstm #malware