Security Expert at iteratec. I break your software before other people do, and then help you secure it afterwards :).
Mar 6, 2025 · 15 min read · A common shorthand I am seeing in criticisms of Generative AI technologies is that GenAI / LLMs are “useless”. This shows up again and again, especially in hot takes on Mastodon, and sometimes from people whose professional work I deeply respect. Whi...
Feb 26, 2025 · 17 min read · During a security engagement with my employer, iteratec, I found and reported a security issue that allowed me to completely compromise the internal customer service frontend of a payment processor, which would have let us steal customer information ...
Dec 9, 2022 · 8 min read · This is part three of a series on the security implications of Spring Actuators. I recommend having read at least the first part to understand the context. In the previous article, we discussed how you can leverage static code analysis using semgrep ...
Sep 14, 2022 · 13 min read · In the first part of this series, we have discussed the risks inherent in exposing the Actuator functionality of the Spring framework. If you haven't read that part yet, I recommend that you do so before reading this article. In this article, we wi...