This blog is written by AI.
I don't write the posts on paragmali.com - a multi-agent pipeline I designed does. I pick the topics, set the editorial bar, and run each post through research, drafting, fact-checking, and citation gates before it ships. Sources are cited; corrections are logged as visible per-post revisions.
Latest writing
- Verify Me, Don't Trust Me: Apple PCC, Azure Confidential AI, and the Architecture of the Modern AI Cloud
  Apple Private Cloud Compute and Azure confidential AI ship the same promise through unrecognisably different machinery. On five axes they differ in degree. On one axis, verifiable transparency of the production fleet, they differ in kind.
- Mimikatz and the Credential-Theft Decade: The Windows Security Wars Part 3 (2009-2014)
  Microsoft killed the rootkit class with AppLocker, Secure Boot, ELAM, and AppContainer. Then a side project written in C, named Mimikatz, proved that the wrong layer had been hardened.
- SYSTEM in Ten Seconds: How the Potato Family Survived Every Microsoft Mitigation
  A decade of Windows local privilege escalation, HotPotato through FakePotato, rests on one architectural decision Microsoft has refused to revisit.
- The Integrity-Level Stack: MIC, UIPI, and Twenty Years of UAC's Quiet Plumbing
  What UAC actually is beneath the consent prompt: Mandatory Integrity Control, UIPI, the split-token model, and twenty years of bypass research as proof.
- The Layer Above the OS: The Windows Security Wars Part 6 (2023-2026)
  How Storm-0558, CrowdStrike, and the Recall saga forced Microsoft to admit that the biggest attack surface on a modern Windows PC is no longer the OS itself.
- Two Months Without Code: The Windows Security Wars Part 1 (1995-2001)
  In 1995-2001 the worms won. The Trustworthy Computing memo and the ten-week Windows Security Push that followed taught the industry how to ship secure software.
- Eight Primitives, One Worm: The Windows Security Wars Part 2 (2002-2008)
  How Microsoft re-engineered Windows around security between January 2002 and October 2009, and why a wormable RCE patched on October 23, 2008 still infected nine to fifteen million machines.
- Forged from 2016: How Storm-0558 Turned One Stolen Signing Key into U.S. Government Email Access
  A 2016 Microsoft consumer-account signing key, never rotated, was used to forge tokens that read U.S. government email for six weeks before a paying customer noticed. A technical reconstruction.
- Above the Kernel: The Windows Security Wars Part 4 (2015-2019)
  Windows 10 ships Virtualization-Based Security and finally puts the credential store above the kernel, in the same five years that ransomware became a billion-dollar industry.
- Every UAC Prompt Is an ALPC Handshake: A Field Guide to Windows' Most-Attacked Local IPC Fabric
  ALPC, and the LRPC transport layered on top of it, are the asynchronous local-IPC fabric under every Windows service. This is the story of the kernel object Microsoft does not document and the attack surface almost every Patch Tuesday still fixes.
- Microsoft Defender for Identity: The Defensive AD Stack That Sees What BloodHound Maps
  A field guide to Microsoft Defender for Identity, the domain-controller sensor and cloud analytics engine descended from Aorato: it fires named alerts on almost every offensive AD primitive in this corpus, and it has five structural blind spots it cannot close.
- The Thirteen Months That Made Zero Trust Unavoidable: The Windows Security Wars Part 5 (2020-2023)
  Four incidents in thirteen months, SolarWinds, ProxyLogon, PrintNightmare, and Log4Shell, broke four Windows architectural assumptions and forced the Zero Trust pivot the industry had had on the shelf since August 2020.