zaakir.io | blog

My thoughts

Abliteration: Uncensoring an LLM (and Why You Might Want To)

Commercial models refuse a lot of legitimate requests. Here's why "uncensoring" an open-weight model is useful and how I achieved it. ⚠️ A note before we start. An uncensored model will answer almost...

LLMs, AI, abliteration, local ai

How AI Ruined My Favourite Colour

Purple used to mean the void, the threshold, the half-demon. Then a single Tailwind decision in 2020 propagated into every AI's training data, and now it means a generic SaaS landing page. A meditation on what AI does to cultural signifiers.

AI, Design, Opinion

1 Month into Local LLM - What I've learned.

One Month Into Local LLMs: What I've Learned It's been about a month since I went down the local-LLM rabbit hole. In that time I've: Built llama.cpp from source Written my own benchmarking software to...

AI, LLMs, LLM, local ai

The Two-File LLM

Andrej Karpathy's hour-long LLM talk is from late 2023. Most of it still holds up. A reread two-and-a-half years on.

LLMs, AI, Inference

Bug Bounty Hunting Methodology

A methodology for starting out in bug bounty hunting

Bug Bounty

Setting up a Bug Bounty VPS

How to setup a VPS for bug bounty hunting

Bug Bounty

From PHP Upload Bypass to KeePass Cracking

Two techniques worth remembering from TryHackMe's Opacity — bypassing PHP upload filters with a fragment character, and cracking .kdbx files with keepass2john + john.

THM, Web, Password Cracking

Hijacking Spring Boot Sessions via /actuator

How an exposed /actuator/sessions endpoint on the HTB CozyHosting box turns into a full authentication bypass — and a refresher on the sudo ssh GTFObin.

HTB, Spring Boot, Web