Rafal Janicki bl4de

Demystifying the Modern AI Tech Stack: A Developer's Guide

Objective: To provide readers with a foundational understanding of the concepts, components, and tools that constitute modern AI applications, from simple generative models to complex autonomous agents. This document can serve as a reference guide for building the next generation of AI-powered products.

Section 1: The Core Engine - Understanding Large Language Models (LLMs)

This section introduces the fundamental building block of the current AI revolution: the Large Language Model (LLM). Almost every modern AI application starts here.

What are LLMs?

Large Language Models are advanced neural networks, most commonly based on the Transformer architecture, trained on massive amounts of text and code. They are not sentient, nor do they "understand" in a human sense. Instead, they are incredibly sophisticated pattern-recognition engines.

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

Yesterday I posted a little quiz on Twitter about HTML parsing.

The question was: what element is going to be the parent of the final <s> in the following snippet of HTML:

<div><table><svg><foreignObject><select><table><s>

The final answers are:

Scripts developed for solving HackerOne H1-702 2019 CTF

image_extract.py performs character extraction on targetted against the HackerOne H1-702 CTF announcement image
decrypt_sqli.py performs blind sqli data extraction with encrypted payloads targetting against the FliteThermostat API
timing_attack.py performs an HTTP piplining based timing against the FliteThermostat Backend
wordlist_generator.py generates wordlists from a give corpus or set of corpuses
httplib.py performs efficient asynchronous HTTP requests against the FliteThermostat Backend

	<?php

	/**
	* Server Dashboard - Simplified System Information Display
	* This file contains functions to retrieve system information and display it in a server dashboard.
	* The functions include getting basic server info, CPU info, memory usage, disk usage, uptime, load average,
	* network interfaces, and process list.
	*
	* @author Zxce3
	* @version 2.0

	<?php

	//php gd-gif.php image.gif gd-image.gif

	$gif = imagecreatefromgif($argv[1]);
	imagegif($gif, $argv[2]);
	imagedestroy($gif);
	?>

	#!/bin/bash

	url='rawsec.ml'

	domains=$(curl $url -s \| grep -E 'https?://[^"]*' \| cut -d '/' -f 3 \| cut -d '"' -f 1 \| uniq)

	filename='/tmp/temporary_ips.txt'

	for domain in $domains
	do

	/
	$$$lang-translate.service.js.aspx
	$367-Million-Merger-Blocked.html
	$defaultnav
	${idfwbonavigation}.xml
	$_news.php
	$search2
	£º
	.0

	#include <time.h> // Robert Nystrom
	#include <stdio.h> // @munificentbob
	#include <stdlib.h> // for Ginny
	#define r return // 2008-2019
	#define l(a, b, c, d) for (i y=a;y\
	<b; y++) for (int x = c; x < d; x++)
	typedef int i;const i H=40;const i W
	=80;i m[40][80];i g(i x){r rand()%x;
	}void cave(i s){i w=g(10)+5;i h=g(6)
	+3;i t=g(W-w-2)+1;i u=g(H-h-2)+1;l(u

	#!/usr/bin/python

	# Author: Adam Jordan
	# Date: 2019-02-15
	# Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
	# PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)


	import argparse
	import jenkins