Transformer-decoder language models

Published: Jan 7 2025

Some notes on how transformer-decoder language models work, taking GPT-2 as an example, and with lots references in order to dig deeper.

GitHub Copilot instructions

Give me your prompt, would you kindly?

Published: Dec 26 2024

Extracting the system prompt from GitHub CoPilot.

Bypassing XSS filters

Published: Nov 20 2024

In this post, I am describing some payloads which I used to bypass two distinct XSS filter implementations (such as Web Application Firewalls (WAF)) as well as the approach to design them.

WebSub sequence diagram

Published: Oct 22 2024

A sequence diagram for WebSub (formerly PubSubHubbub).

The FBI recommends using ad blockers

Published: Sep 8 2024

An interesting note from the FBI.

UMA 2.0 diagrams

Published: Jun 17 2024

Some diagrams (mostly sequence diagrams) about UMA 2.0.

Notes on X3DH

Published: May 9 2024

Some notes on X3DH (Extended Triple Diffie-Hellman).

OpenSSH tunneling guide

“Welcome to the Warp Zone!”

Published: Apr 13 2024

This post is an overview of the different tunneling options available in OpenSSH. This is inteded as a reference to use when I am explaining (every so often) how to use SSH for tunneling.

Protocol stack diagrams

Layers all the way down

Published: Dec 20 2023

A collection of ASCII-art protocol stack diagrams.

Arbitrary code execution through kitty-open.desktop file association

ニャーニャー

Published: Sep 23 2023

In Debian kitty package, the kitty-open.desktop file would associate kitty +open with several MIME types. This could be used to arbitrary trigger code execution by serving a file with such a MIME type.

This has been introduced in kitty in 73a197fcd (2022-02-06) released as part of v0.24.3. This has been fixed in v0.26.5-5 of the Debian kitty package. Fixed upstream in 537cabca7 released in v0.29.0. Other distributions such as Ubuntu Lunar are still impacted.

Page 2 of 11 | Previous page | Next page | JSON Feed | Atom Feed