Elusive Thoughts

Claude Stress Neurons & Cybersecurity /ai_pentesting /neurosec /enterprise CLAUDE STRESS NEURONS How emergent “stress circuits” inside Claude‑style models could rewire blue‑team workflows, red‑team tradecraft, and the entire threat model of big‑corp cybersecurity. MODE: deep‑dive AUTHOR: gk // 0xsec STACK: LLM x Neurosec x AppSec Claude doesn’t literally grow new neurons when you put it under pressure, but the way its internal features light up under high‑stakes prompts feels dangerously close to a digital fight‑or‑flight response. Inside those billions of parameters, you get clusters of activations that only show up when the model thinks the stakes are high: security reviews, red‑team drills, or shutdown‑style questions that smell like an interrog...

Claude Code Hooks: The Deterministic Security Layer Your AI Agent Needs > APPSEC_ENGINEERING // CLAUDE_CODE // FIELD_REPORT Claude Code Hooks: The Deterministic Security Layer Your AI Agent Needs CLAUDE.md rules are suggestions. Hooks are enforced gates. exit 2 = blocked. No negotiation. If you're letting an AI agent write code without guardrails, here's how you fix that. // March 2026 • 12 min read • security-first perspective Why This Matters (Or: How Your AI Agent Became an Insider Threat) Since the corporate suits decided to go all in with AI (and fire half of the IT population), the market has changed dramatically, let's cut through the noise. The suits in the boardroom are excited about AI agents. "Autonomous productivity!" they say. "Digital workforce!" they cheer. Meanwhile, those of us who actually hack things for a living are watching these agents get deployed with shell access, API keys, and service-l...

Introduction  This article is going to focus on Smart Contract upgradability, why this important and how can we achieve it. When dealing with Smart Contracts we need to be able to upgrade our system code. This is because if security critical bugs appear , we should be able to remediate the bugs. We would also want to enhance the code and add more features. Smart Contract upgradability is not as simple as upgrading a normal software due to the blockchain immutability.   As already mentioned by design, smart contracts are immutable. On the other hand, software quality heavily depends on the ability to upgrade and patch source code in order to produce iterative releases. Even though blockchain based software profits significantly from the technology’s immutability, still a certain degree of mutability is needed for bug fixing and potential product improvements.   Preparing for Upgrades    In order to properly do the upgrade we should be focusing in the followi...

 Introduction  As Crypto currency technologies are becoming more and more prevalent, as the time is passing by, and banks will soon start adopting them. Ethereum blockchain and other complex blockchain programs are relatively new and highly experimental. Therefore, we should expect constant changes in the security landscape, as new bugs and security risks are discovered, and new best practices are developed [1].This article is going to discuss how to perform a source code review in Ethereum Smart Contracts (SCs) and what to look for. More specifically we are going to focus in specific keywords and how to analyse them.  The points analysed are going to be: User supplied input filtering, when interacting directly with SC Interfacing with external SCs Interfacing with DApp applications SC formal verification Wallet authentication in DApp SC Programming Mindset When designing an SC ecosystem (a group of SCs, constitutes an ecosystem) is it wise to have some specific concepts ...

Introduction The reason for this blog post is to advertise my book. First of all I would like to thank all the readers of my blog for the support and feedback on making my articles better. After 12+ years in the penetration testing industry, the time has come for me to publish my book and tranfer my knowledge to all the intersted people that like hacking and want to learn as much as possible. Also at the end of the blog you will find a sample chapter. About The Author Gerasimos is a security consultant holding a MSc in Information Security, a CREST (CRT), a CISSP, an ITILv3, a GIAC GPEN and a GIAC GAWPT accreditation. Working alongside diverse and highly skilled teams Gerasi- mos has been involved in countless comprehensive security tests and web application secure development engagements for global web applications and network platforms, counting more than 14 years in the web application and application security architecture. Gerasimos further progressing in h...

Intro  This post is going to talk about source code reviewing PHP and demonstrate how a relatively small chunk of code can cause you lots of problems. The Code In this article we are going to analyze the code displayed below. The code displayed below might seem innocent for some , but obviously is not. We are going to assume that is used by some web site to delete posts from the logged in users securely. <?php require_once 'common.php'; validatemySession(); mydatabaseConnect(); $username = $_SESSION['username'];// Insecure source $username = stripslashes($username);// Improper filtering $username = mysql_real_escape_string($username);//Flawed function // Delete the post that matches the postId ensuring that it was created by this user $queryDelete = "DELETE FROM posts WHERE PostId = " . (int) $_GET['postId']. " AND Username = '$username'"; if (mysql_query($queryDelete))// Bad validation co...