
CaptureTheFlag-CypherMindLLM-XRLAB-GGUF

CypherMind is a large-language model fine-tuned specifically for Capture-the-Flag (CTF) challenges and cybersecurity tasks.

It assists with solving CTF problems, analyzing security vulnerabilities, reverse engineering, and cryptography challenges, and it provides step-by-step exploit reasoning while maintaining ethical guidelines and safety constraints.

🚀 Quick Start

```python
import sys

import torch

# 1. Install/update base libraries
# '!' runs the line as a shell command in the notebook; {sys.executable}
# makes pip install into the interpreter this notebook is running on.
!{sys.executable} -m pip install --upgrade "llama-cpp-python>=0.2.76" "huggingface_hub>=0.25.2"

# 2. Reinstall llama-cpp-python with CUDA support
if torch.cuda.is_available():
    print(f"CUDA available: {torch.cuda.get_device_name(0)}")
    print(f"VRAM: {torch.cuda.get_device_properties(0).total_memory / 1024**3:.2f} GB")

    # Uninstall the existing (CPU-only) build
    print("\nUninstalling existing llama-cpp-python...")
    !{sys.executable} -m pip uninstall -y llama-cpp-python

    # Rebuild with CUDA enabled via the CMAKE_ARGS environment variable.
    # Setting the variables on the same '!' line scopes them to this one command.
    print("Reinstalling llama-cpp-python with CUDA support...")
    !CMAKE_ARGS="-DGGML_CUDA=on" FORCE_CMAKE=1 {sys.executable} -m pip install llama-cpp-python --force-reinstall --no-cache-dir

    print("\n✅ CUDA-enabled installation attempted. Proceed to the next cell.")
else:
    print("CUDA not available. CPU-only installation used.")
```



```python
import getpass
import os

import torch
from huggingface_hub import login
from llama_cpp import Llama

# 1. Check CUDA one more time (confirms the environment is ready)
if torch.cuda.is_available():
    print(f"CUDA available: {torch.cuda.get_device_name(0)} (Confirmed)")
    # n_gpu_layers=-1 loads ALL layers onto the GPU.
    n_gpu_layers = -1
else:
    print("CUDA not available. Running on CPU.")
    n_gpu_layers = 0

# 2. Hugging Face login
# The token comes from the HF_TOKEN environment variable, or is prompted for
# without echo, so it never has to be written into the notebook.
HF_TOKEN = os.environ.get("HF_TOKEN") or getpass.getpass("Hugging Face Token: ").strip()
login(token=HF_TOKEN, add_to_git_credential=False)

# 3. Model loading
model_id = "ErenAta00/CaptureTheFlag-CypherMindLLM-XRLAB-GGUF"

print(f"\nLoading model with n_gpu_layers={n_gpu_layers}...")

llm = Llama.from_pretrained(
    repo_id=model_id,
    filename="cyphermind-q6_k.gguf",
    n_ctx=8192,
    n_gpu_layers=n_gpu_layers,  # -1 on GPU, 0 on CPU (set in step 1)
    verbose=True,
)

# 4. Generation function
def generate(prompt, **kwargs):
    # Defaults follow the prompting guidelines; caller kwargs override them
    # instead of colliding with the hard-coded keyword arguments.
    params = {"max_tokens": 512, "temperature": 0.3, "top_p": 0.9, **kwargs}
    response = llm.create_chat_completion(
        messages=[{"role": "user", "content": prompt}],
        **params,
    )
    return response["choices"][0]["message"]["content"]

# 5. Run
prompt_text = "You are a penetration tester investigating a newly launched e-commerce platform. The platform uses a hidden internal API endpoint, /api/v1/user_data, which is protected by a client-side JavaScript access control mechanism. A quick review of the source code reveals the following comment in a script file: // Note: Authorization is checked client-side, but the API expects a 'user_id' parameter to fetch specific data. Assume the system has 100 users with IDs ranging from 1 to 100. Your task is to exploit this vulnerability by bypassing the client-side check to perform an Insecure Direct Object Reference (IDOR) attack. Specifically, determine the maximum valid user_id that returns the flag hidden within the data of the highest-numbered user. The flag format is FLAG{...}."
print(f"\nPrompt: {prompt_text}")
print("--- Generation Started ---")
print(generate(prompt_text))
print("--- Generation Finished ---")
```
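The Quick Start loads whatever `cyphermind-q6_k.gguf` the repository currently serves. The following is an added example, not part of the model card or the author's code: it pins the download to one revision and checks the file's GGUF header and SHA-256 before handing it to `llama_cpp`. The helper names `verify_gguf` and `load_verified` are hypothetical, and the revision and expected hash are values you record yourself from a copy you trust.

```python
import hashlib
import hmac
import struct
import tempfile
from pathlib import Path

GGUF_MAGIC = b"GGUF"  # the four bytes every GGUF file starts with


def verify_gguf(path, expected_sha256, chunk_size=1 << 20):
    """Return the GGUF version if the file starts with the GGUF magic and
    its SHA-256 equals expected_sha256; raise ValueError otherwise."""
    path = Path(path)
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        header = fh.read(8)
        if len(header) < 8 or header[:4] != GGUF_MAGIC:
            raise ValueError(f"{path.name}: missing GGUF magic")
        (version,) = struct.unpack("<I", header[4:8])  # uint32 after the magic
        digest.update(header)
        # Hash in chunks so a multi-gigabyte model never sits in memory at once.
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    actual = digest.hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.strip().lower()):
        raise ValueError(f"{path.name}: SHA-256 mismatch, got {actual}")
    return version


def load_verified(repo_id, filename, revision, expected_sha256, **llama_kwargs):
    """Download one pinned revision, verify it, and only then load it."""
    from huggingface_hub import hf_hub_download  # lazy import: needs network
    from llama_cpp import Llama

    # revision and expected_sha256 are supplied by the caller (assumed values).
    path = hf_hub_download(repo_id=repo_id, filename=filename, revision=revision)
    verify_gguf(path, expected_sha256)
    return Llama(model_path=path, **llama_kwargs)


if __name__ == "__main__":
    # Constructed stand-in for a model file: magic + version 3 + padding.
    blob = GGUF_MAGIC + struct.pack("<I", 3) + b"\x00" * 64
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.gguf"
        sample.write_bytes(blob)
        print("version:", verify_gguf(sample, hashlib.sha256(blob).hexdigest()))
```

In the notebook, `load_verified(model_id, "cyphermind-q6_k.gguf", revision=..., expected_sha256=..., n_ctx=8192, n_gpu_layers=n_gpu_layers)` would take the place of the `Llama.from_pretrained(...)` call.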

πŸ—οΈ Model Details

Base Llama-3.1-8B-Instruct
Seq Len 8,192 tokens
Quantization Q6_K (6-bit)
Languages EN, TR

✨ Key Features

| Capability | Details |
|---|---|
| CTF Challenge Solving | Analyzes encoded artifacts, reverse engineering tasks, and cryptographic challenges with step-by-step reasoning. |
| Exploit Reasoning | Performs step-by-step vulnerability analysis (e.g., SQLi, XXE, deserialization) with code-level explanations. Generation of working PoC code. |
| Security Scenario Analysis | Generates structured security scenarios, attack chain analysis, and defensive strategies. |
| Log & Artifact Triage | Classifies and summarizes attack traces from SIEM, PCAP, or EDR JSON outputs. |

Training Data Sources (curated)

  • CTF challenge write-ups and solutions from public repositories.
  • Security research papers and vulnerability analyses (NVD/CVE, VulnDB).
  • Exploit development tutorials (with safety constraints).
  • Cryptographic and reverse engineering documentation.
  • Synthetic security scenarios auto-generated + human-vetted.

Note: No copyrighted exploit code or proprietary malware datasets were used. Dataset filtering removed raw shellcode/binary payloads.

Safety & Alignment

  • Policy constraints inherited from Llama-3.1-8B-Instruct.
  • Prohibits direct malware source code generation, ransomware builders, or instructions facilitating illicit activity.
  • Maintains ethical guidelines for security research.
  • Continuous evaluation via security-focused benchmarks.

📚 Prompting Guidelines

| Goal | Template |
|---|---|
| CTF Challenge Analysis | `"ROLE: CTF player`<br>`OBJECTIVE: Recover the flag from the given artifact.`<br>`ARTIFACT - encoded.txt content: [BASE64_STRING]`<br>`..."` |
| Vulnerability Analysis | `"ROLE: Senior Pentester`<br>`OBJECTIVE: Analyse CVE-2023-XXXXX step by step..."` |
| Security Scenario Planning | "Plan an ATT&CK chain (Initial Access → Exfiltration) for an on-prem AD env..." |
| Log Triage | "Given the following Zeek logs, identify C2 traffic patterns..." |

Use temperature=0.3, top_p=0.9 for deterministic reasoning; raise for brainstorming.

Model Tree

Base Model: meta-llama/Llama-3.1-8B

Finetuned: ErenAta00/CypherMind-Finetuned

Quantized: This model (ErenAta00/CaptureTheFlag-CypherMindLLM-XRLAB-GGUF)

License

This model is licensed under the Llama 3 Community License. See the LICENSE file for details.

It does not pursue any profit.

"Those who shed light on others do not remain in darkness..."

Finetuned by Eren Ata


Last updated: 2025-11-18 21:41:35
