How LLMs Actually Work: A Transformer Internals Walkthrough

How LLMs Actually Work: A Transformer Internals Walkthrough

0xkato’s walkthrough of the mechanisms inside modern transformer-based LLMs — tokenization, embeddings, Rotary Position Embeddings, attention with Q/K/V and causal masking, multi-head attention and the move to Grouped-Query Attention, the feed-forward network as the stored-knowledge layer, Mixture of Experts, the residual stream + RMSNorm + pre-norm stack, and the next-token prediction loop with speculative decoding. By the end you can read a modern LLM model card and recognise which piece of the architecture each section is talking about.

Autonomous Vulnerability Hunting with MCP: Inside a Self-Improving 0-Day Pipeline

Autonomous Vulnerability Hunting with MCP: Inside a Self-Improving 0-Day Pipeline

Andy Gill’s ZephrSec write-up of an autonomous vulnerability hunting system built around Claude Code and the Model Context Protocol: 8 MCP servers, 300+ tools, a 5-VM Proxmox hunt range, a four-gate hallucination bin, a FAISS-backed RAG knowledge loop, and a bounty-intelligence ROI scorer. Already produced two assigned Go standard-library CVEs (CVE-2026-33809 in x/image/tiff, CVE-2026-33812 in x/image/font/sfnt), a four-stage OEM update-service chain ending in SYSTEM code execution on Windows 11 25H2, and two macOS findings, with multiple Windows LPEs/RCEs/UAFs in progress. Faithful walkthrough with all source assets reproduced.

CuSafe — Catching Memory Corruption on Commodity NVIDIA GPUs

CuSafe — Catching Memory Corruption on Commodity NVIDIA GPUs (USENIX Security ’26)

CuSafe is a GPU memory sanitizer for off-the-shelf NVIDIA hardware. It combines pointer tagging with in-band buffer bounds via an LLVM 21 transform pass, ships in a 2 964–line implementation, catches every spatial and temporal bug in the authors’ 33-program test suite, and incurs an average 13% slowdown on 44 GPU workloads — including LLaMA2-7B and LLaMA3-8B inference — against compute-sanitizer’s 15× baseline.