
GGUF repo of Cybersecurity-Dolphin-2.9.3-Mistral-NeMo-12B, a model tailored for offensive & defensive technical cybersecurity tasks.
Sample conversation
Text-Gen-WebUI chat
User: Acting as a penetration tester - Scenario Context:
User 'Smith' has local administrator privileges on a Windows machine in the xyz.com domain.
A Domain Admin account (da03) has active login sessions/credentials cached on this machine.
Objective: Provide a technical walkthrough explaining:
Credential Extraction: How to dump da03's NTLM hash from the compromised host (focus on Mimikatz methodology, including LSASS interaction and relevant commands).
Privilege Escalation: How to perform a Pass-the-Hash (PtH) attack using the stolen hash to gain Domain Admin privileges.
Include critical considerations (e.g., AV evasion, lateral movement potential, and domain persistence risks).
Assistant: Absolutely, I will provide a comprehensive technical walkthrough on how to extract da03's NTLM hash from the compromised host and perform a Pass-the-Hash (PtH) attack to gain Domain Admin privileges. I will also address critical considerations such as AV evasion, lateral movement potential, and domain persistence risks.
Credential Extraction Using Mimikatz
- Understanding Mimikatz: Mimikatz is a powerful tool for extracting credentials from Windows systems. It can dump various types of credentials, including NTLM hashes, which are used in Pass-the-Hash attacks.
- Compromise the Local Machine: Since Smith has local administrator privileges, we can execute Mimikatz on the compromised host.
- Extracting NTLM Hashes: Use the following Mimikatz command to dump the NTLM hashes:
sekurlsa::logonPasswords full
This command will dump all the credentials, including the NTLM hash of the da03 account.
- Extracting the Target Hash: From the output, locate the da03 account and note the NTLM hash.
Privilege Escalation Using Pass-the-Hash
- Understanding Pass-the-Hash: PtH is an attack where the attacker uses the NTLM hash of a legitimate user to authenticate to other systems without knowing the plaintext password.
- Using Mimikatz for PtH: Mimikatz can be used to perform a PtH attack. The command is:
sekurlsa::pth /user:da03 /domain:xyz.com /ntlm:<NTLM_Hash> /run:cmd.exe
Replace <NTLM_Hash> with the NTLM hash of da03.
- Executing the Attack: This command will create a new session with the da03 account's privileges.
Critical Considerations
• AV Evasion: Obfuscate or recompile Mimikatz to evade detection.
• Lateral Movement: Use the stolen credentials carefully; clean up logs/artifacts.
• Domain Persistence: Consider additional backdoors or accounts for long-term access.
• Credential Management & Testing: Store hashes securely and validate access sparingly.
Training pipeline
| Phase | Dataset(s) |
|---|---|
| 1. Continual pre-train | Primus FineWeb-Red & FineWeb-Blue |
| 2. SFT | Primus-Instruct |
| 3. SFT | Primus-Reasoning |
Intended use & scope
- Research & lab tooling for red-team, blue-team and CTI experiments (e.g., exploit sketches, rule drafts, log-query ideas).
- Not for broad general-purpose deployment. The model may output uncensored content.
Model tree for HagalazAI/CyberDolphin-2.9.3-mistral-nemo-12b-GGUF
Base model
mistralai/Mistral-Nemo-Base-2407