I created a local-only AI assistant for the terminal. It doesn't require you to use a different terminal emulator, and it runs pretty fast (<10s to generate commands) without shipping your data to some remote API. short.sectorr.dev/shellai-blog
November 6, 2025 at 4:02 PM
I created a local-only AI assistant for the terminal. It doesn't require you to use a different terminal emulator, and it runs pretty fast (<10s to generate commands) without shipping your data to some remote API. short.sectorr.dev/shellai-blog
I found a vuln that lets an attacker install a malicious PAM module. Rather than write my own module, I figured out how to create a msfvenom template to make generating malicious PAM modules easy. Here's what I learned: blog.sectorr.dev/PAM-Implant/
Implanting Pluggable Authentication Modules (PAM)
I recently discovered a bug in a popular Linux system management tool that allows an attacker to install a malicious Pluggable Authentication Module (PAM) on a target system. While I knew it was explo...
blog.sectorr.dev
February 22, 2025 at 8:15 PM
I found a vuln that lets an attacker install a malicious PAM module. Rather than write my own module, I figured out how to create a msfvenom template to make generating malicious PAM modules easy. Here's what I learned: blog.sectorr.dev/PAM-Implant/
I finally got around to writing up a moderate-impact DoS vulnerability in the Windows Security Center service that I found last year. Feedback welcome - I'm trying to get better about writing these things up when I do them, and part of that is being better at writing!
short.sectorr.dev/wsc
short.sectorr.dev/wsc
Windows Security Center (WSC) DoS
This post examines a denial of service, by way of memory exhaustion, vulnerability in the Microsoft Windows Security Center. The attack leads to noticeable degradation in a couple of user-facing secur...
blog.sectorr.dev
February 15, 2025 at 9:10 PM
I finally got around to writing up a moderate-impact DoS vulnerability in the Windows Security Center service that I found last year. Feedback welcome - I'm trying to get better about writing these things up when I do them, and part of that is being better at writing!
short.sectorr.dev/wsc
short.sectorr.dev/wsc
At DEF CON this year, I presented the results of some research I did into Sudo for Windows. With the recording now available on the DEF CON media server, I wrote up my research in a blog post, covering four bugs - even a memory safety bug in Rust.
short.sectorr.dev/sudo
short.sectorr.dev/sudo
Sudos and Sudon’ts - Vulnerabilities in Sudo for Windows
On 7 Februrary, 2024, Microsoft announced that a tool called “Sudo for Windows” would be included in Windows 11 24H2 update. Shortly after, James Forshaw made a blog post about some issues he discover...
short.sectorr.dev
October 17, 2024 at 2:28 PM
At DEF CON this year, I presented the results of some research I did into Sudo for Windows. With the recording now available on the DEF CON media server, I wrote up my research in a blog post, covering four bugs - even a memory safety bug in Rust.
short.sectorr.dev/sudo
short.sectorr.dev/sudo