Reinforcement Learning formulas cheat sheet

Published: Sep 22 2025

Cheat sheet for (some) reinforcement learning mathematical formulas and algorithms.

Concealing XSS payloads

Published: Aug 22 2025

PortSwigger “Concealing payloads in URL credentials” talks about concealing XSS payloads in URL credentials. The nice thing is that this makes the payload invisible to WAFs and other server-side XSS filters. You can actually conceal the payloads in other places

Codingame Spring Challenge 2025

Published: Aug 22 2025

My experience from the Codingame Spring Challenge 2025.

Testing Unicode Tag Smuggling in chatbots

Where we learn that the sky is actually a giant blueberry smoothie 🫐

Published: Aug 20 2025

Testing ASCII smuggling using Unicode Tags on LLMs/chatbots. Nothing new here. Just a short summary.

Books I have read in 2024

Published: Jul 8 2025

Books I read in 2024. Tries to avoid spoiling as much as possible and therefore does not contain a very deep analysis or review of most books.

Keycloak UMA vulnerabilities

Published: Jul 8 2025

Keycloak UMA's implementation seems tricky to me.

llama.cpp quickstart

Published: May 14 2025

How to quickly use llama.cpp for LLM inference (no GPU needed).

vLLM quickstart

Published: May 14 2025

How to quickly use vLLM for LLM inference using CPU.

Invasion of Czechoslovakia in 1968

Published: Mar 31 2025

On August 20 1968, Czechoslovakia was invaded by the armies of Warsaw Pact.

Malicious authorization server attack in UMA 2.0

Published: Mar 18 2025

In a previous post, I described a pass-the-permission-ticket vulnerability in UMA 2.0 in which a malicious UMA resource server could kindly ask a UMA client to give it access tokens actually intended for another UMA resource server. In this post, I am describing a similar attack when the authorization server is malicious.

Page 1 of 12 | Previous page | Next page | JSON Feed | Atom Feed