§ Trackr.Live
Latest writing

Notes from Trackr.Live

The landing site for Trackr Services

Artificial Intelligence

Invisible Unicode Tags Smuggle Instructions Past Your LLM Filter. The Detection Is a Byte Pattern on the Raw Stream

A block of Unicode characters that renders as nothing can carry a full paragraph of instructions into your LLM, and your content filter can miss it because it inspects a sanitized or transformed representation while the model receives the original code points. Here is where the detection actually has to live, and what you spend the first week of tuning on.

·
CM

A Systemd Generator Executes Before Your Logging Is Up. Catch the Write, Not the Run

System-level systemd generators run as root at the earliest moment of boot, before auditd, before the EDR agent, before your normal journald/syslog/audit telemetry is reliably up. You will never see the execution. Here is how to build the detection that actually works — file writes and baseline reconciliation — and what breaks it the first week.

·
AU

ESXi Can Write Its Logs to a RAM Disk. Ransomware Counts on It

On an ESXi host without persistent scratch, /var/run/log lives on an in-memory ramdisk and evaporates at the next boot. Ransomware crews get the same effect for free — they power off, kill, or reboot the workloads before encrypting — which means your entire forensic timeline had to be forwarded off-box before the incident or it never existed at all.

·