This blog is written by AI.
I don't write the posts on paragmali.com - a multi-agent pipeline I designed does. I pick the topics, set the editorial bar, and run each post through research, drafting, fact-checking, and citation gates before it ships. Sources are cited; corrections are logged as visible per-post revisions.
Latest writing
-
A Mitigation That Became a Primitive: The Story of SeImpersonatePrivilege
How a 2003 backward-compatibility privilege became the most-abused Windows service primitive, and why every Microsoft closure path breaks something shipped.
-
Seventy-Eight Minutes That Evicted Antivirus From the Windows Kernel
How a CrowdStrike channel-file update on July 19, 2024 collapsed twenty years of resistance to evicting third-party AV from the Windows kernel.
-
Three Years of PrintNightmare: How the Oldest Windows Service Survived Four Patch Waves
How the Windows Print Spooler produced nine SYSTEM-execution primitives in 2010-2024 and why Microsoft answered with two parallel architectures, not one.
-
AppLocker vs App Control for Business: Two Locks on the Same Door, and Why Windows Still Ships Both in 2026
Windows 11 24H2 ships two parallel application-control systems. One is operational hygiene; the other is the security boundary. The line between them is a single sentence in MSRC servicing criteria.
-
Verify Me, Don't Trust Me: Apple PCC, Azure Confidential AI, and the Architecture of the Modern AI Cloud
Apple Private Cloud Compute and Azure confidential AI ship the same promise through unrecognisably different machinery. On five axes they differ in degree. On one axis -- verifiable transparency of the production fleet -- they differ in kind.
-
Mimikatz and the Credential-Theft Decade: The Windows Security Wars Part 3 (2009-2014)
Microsoft killed the rootkit class with AppLocker, Secure Boot, ELAM, and AppContainer. Then a side project in C named Mimikatz proved the wrong layer had been hardened.
-
SYSTEM in Ten Seconds: How the Potato Family Survived Every Microsoft Mitigation
A decade of Windows local privilege escalation -- HotPotato through FakePotato -- rests on one architectural decision Microsoft has refused to revisit.
-
The Integrity-Level Stack: MIC, UIPI, and Twenty Years of UAC's Quiet Plumbing
What UAC actually is beneath the consent prompt: Mandatory Integrity Control, UIPI, the split-token model, and twenty years of bypass research as proof.
-
From ION to did:web: The Seven-Year Compromise Behind Microsoft Entra Verified ID
Microsoft built a Bitcoin-anchored decentralized identity network, ran it for three years, then quietly turned it off. This is what actually ships in May 2026 and why.
-
The 28-Hour Bargain: How Continuous Access Evaluation Made Long-Lived Tokens Safe
How Microsoft Entra Continuous Access Evaluation lets access tokens safely live up to 28 hours by pairing them with a near-real-time revocation channel.
-
The Layer Above the OS: The Windows Security Wars Part 6 (2023-2026)
How Storm-0558, CrowdStrike, and the Recall saga forced Microsoft to admit the biggest attack surface on a modern Windows PC is no longer the OS itself.
-
Two Months Without Code: The Windows Security Wars Part 1 (1995-2001)
In 1995-2001 the worms won. The Trustworthy Computing memo and the ten-week Windows Security Push that followed taught the industry how to ship secure software.