veekaybee

Anti-hype LLM reading list

Goals: Add links that are reasonable and good explanations of how stuff works. No hype and no vendor content if possible. Practical first-hand accounts of models in prod eagerly sought.

Foundational Concepts

Pre-Transformer Models

buzzer-re

# A Python script using LIEF to search a specific exported function name in a directories
# This is useful when you don't know the DLL name but (somehow) knows the exported function name
import sys
import lief
import os
import logging

lief.logging.set_level(lief.logging.LOGGING_LEVEL.CRITICAL)

DLL_CHAR = 0x2000

buzzer-re

# Clean PE files that have a lot of junk after its end to avoid AV scanners and slow down analysis tools

import pefile
import sys
import os

TRESHOLD = 100

if __name__ == '__main__':
    if len(sys.argv) < 2:

Neo23x0

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

rusty-snake

# Copyright © 2021 rusty-snake
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all

hsinhoyeh

# background: when you run python code with command mode (aka -c ), inspect module can't work well as it didn't 
# serialize commands into .py file. instead we can leverage dill to handle marshal or unmarshal functions for us.
# in this example, we wrap it into a python declarator.

# pip install dill

def inspectMe(f):
    import dill as pickle
    import base64
    def wrapper(*arg, **kwargs):

brentxphillips

# prints a string letter-by-letter

def num_letter_test(x):
    string_input = x
    string_len = len(string_input)
    counter = 0
    for i in range(string_len):
        print(string_input[counter])
        counter += 1

sysgoblin

[16Shop]		    104.248.55.11		web.verify-acc.amz2020.app-lockedaccesverifed000.com		susuayahtegantung@yandex.com, teguh@ganteng.cokkk
[16Shop]		    104.31.64.248		appleupdates-verificationrequired.com		markpope90@gmail.com, admin@16shop.us
[16Shop]		    134.122.1.92		web.amazon.aws.services-auth-follow.loginsupport.org		vrt.dsf@yandex.com, admin@16shop.us
[16Shop]		    157.230.126.157		billingsecure.amazon.com.dsabekogia.com		titiw.kriket@yandex.com, aws_amazon@berbies2019.com
[16Shop]		    161.117.250.188		auth-verify.paypal.idwebscr.webapps23687618.tempekjaran1.com		parahyangancrew@gmail.com, ace@ace.com
[16Shop]		    162.144.98.230		manage-secure.information-paypal.gaspolinaja.com		bpentol@yandex.com, aws_paypal@berbies2019.com
[16Shop]		    162.144.98.230		secure-paypal.bangetdivorce.com		doubleantbot@yandex.com, dino@dbsg.us
[16Shop]		    162.214.49.197		authorized2-signin-amazon.camdvr.org		
[16Shop]		    162.214.50.13		signin-webrecovery-br8eapple.serveuser.com		ghanbakeloer@gmail.com, resultmrsukarelap

lkdocs

def verify_sign(public_key_loc, signature, data):
    '''
    Verifies with a public key from whom the data came that it was indeed 
    signed by their private key
    param: public_key_loc Path to public key
    param: signature String signature to be verified
    return: Boolean. True if the signature is valid; False otherwise. 
    '''
    from Crypto.PublicKey import RSA 
    from Crypto.Signature import PKCS1_v1_5