Instructions to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with Transformers:

# Use a pipeline as a high-level helper
from transformers import pipeline

pipe = pipeline("text-generation", model="chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M")
messages = [
    {"role": "user", "content": "Who are you?"},
]
pipe(messages)

# Load model directly
from transformers import AutoModel
model = AutoModel.from_pretrained("chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M", dtype="auto")

llama-cpp-python

How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with llama-cpp-python:

# !pip install llama-cpp-python

from llama_cpp import Llama

llm = Llama.from_pretrained(
	repo_id="chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M",
	filename="mitre_qwen2.5_7b_Q4_K_M.gguf",
)

llm.create_chat_completion(
	messages = [
		{
			"role": "user",
			"content": "What is the capital of France?"
		}
	]
)

Notebooks
Google Colab
Kaggle
Local Apps

llama.cpp

How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with llama.cpp:

Install from brew

brew install llama.cpp
# Start a local OpenAI-compatible server with a web UI:
llama-server -hf chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M
# Run inference directly in the terminal:
llama-cli -hf chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M

Install from WinGet (Windows)

winget install llama.cpp
# Start a local OpenAI-compatible server with a web UI:
llama-server -hf chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M
# Run inference directly in the terminal:
llama-cli -hf chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M

Use pre-built binary

# Download pre-built binary from:
# https://github.com/ggerganov/llama.cpp/releases
# Start a local OpenAI-compatible server with a web UI:
./llama-server -hf chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M
# Run inference directly in the terminal:
./llama-cli -hf chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M

Build from source code

git clone https://github.com/ggerganov/llama.cpp.git
cd llama.cpp
cmake -B build
cmake --build build -j --target llama-server llama-cli
# Start a local OpenAI-compatible server with a web UI:
./build/bin/llama-server -hf chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M
# Run inference directly in the terminal:
./build/bin/llama-cli -hf chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M

Use Docker

docker model run hf.co/chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M

LM Studio
Jan

vLLM

How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with vLLM:

Install from pip and serve model

# Install vLLM from pip:
pip install vllm
# Start the vLLM server:
vllm serve "chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M"
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:8000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker

docker model run hf.co/chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M

SGLang

How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with SGLang:

Install from pip and serve model

# Install SGLang from pip:
pip install sglang
# Start the SGLang server:
python3 -m sglang.launch_server \
    --model-path "chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M" \
    --host 0.0.0.0 \
    --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker images

docker run --gpus all \
    --shm-size 32g \
    -p 30000:30000 \
    -v ~/.cache/huggingface:/root/.cache/huggingface \
    --env "HF_TOKEN=<secret>" \
    --ipc=host \
    lmsysorg/sglang:latest \
    python3 -m sglang.launch_server \
        --model-path "chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M" \
        --host 0.0.0.0 \
        --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Ollama
How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with Ollama:
```
ollama run hf.co/chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M
```

Unsloth Studio new

How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with Unsloth Studio:

Install Unsloth Studio (macOS, Linux, WSL)

curl -fsSL https://unsloth.ai/install.sh | sh
# Run unsloth studio
unsloth studio -H 0.0.0.0 -p 8888
# Then open http://localhost:8888 in your browser
# Search for chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M to start chatting

Install Unsloth Studio (Windows)

irm https://unsloth.ai/install.ps1 | iex
# Run unsloth studio
unsloth studio -H 0.0.0.0 -p 8888
# Then open http://localhost:8888 in your browser
# Search for chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M to start chatting

Using HuggingFace Spaces for Unsloth

# No setup required
# Open https://huggingface.co/spaces/unsloth/studio in your browser
# Search for chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M to start chatting

Pi new

How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with Pi:

Start the llama.cpp server

# Install llama.cpp:
brew install llama.cpp
# Start a local OpenAI-compatible server:
llama-server -hf chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M

Configure the model in Pi

# Install Pi:
npm install -g @mariozechner/pi-coding-agent
# Add to ~/.pi/agent/models.json:
{
  "providers": {
    "llama-cpp": {
      "baseUrl": "http://localhost:8080/v1",
      "api": "openai-completions",
      "apiKey": "none",
      "models": [
        {
          "id": "chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M"
        }
      ]
    }
  }
}

Run Pi

# Start Pi in your project directory:
pi

Hermes Agent new

How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with Hermes Agent:

Start the llama.cpp server

# Install llama.cpp:
brew install llama.cpp
# Start a local OpenAI-compatible server:
llama-server -hf chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M

Configure Hermes

# Install Hermes:
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash
hermes setup
# Point Hermes at the local server:
hermes config set model.provider custom
hermes config set model.base_url http://127.0.0.1:8080/v1
hermes config set model.default chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M

Run Hermes

hermes

Docker Model Runner
How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with Docker Model Runner:
```
docker model run hf.co/chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M
```

Lemonade

How to use chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M with Lemonade:

Pull the model

# Download Lemonade from https://lemonade-server.ai/
lemonade pull chrisbst48/MITRE_QWEN2.5_7b_Q4_K_M:Q4_K_M

Run and chat with the model

lemonade run user.MITRE_QWEN2.5_7b_Q4_K_M-Q4_K_M

List all available models

lemonade list

MITRE_QWEN2.5_7b_Q4_K_M / README.md

chrisbst48

Update README.md

2dfe26e verified 11 days ago

preview code

raw

history blame contribute delete

7.1 kB

	---
	language:
	- en
	- fr
	license: apache-2.0
	base_model: unsloth/Qwen2.5-7B-Instruct
	tags:
	- cybersecurity
	- mitre-attack
	- threat-intelligence
	- cti
	- qlora
	- unsloth
	- qwen2.5
	- fine-tuned
	pipeline_tag: text-generation
	library_name: transformers
	extra_gated_prompt: >
	This model is designed for defensive cybersecurity research, threat
	intelligence analysis, and authorized security operations only.
	By accessing this model, you confirm that you will use it solely
	for lawful and defensive purposes, and not to facilitate unauthorized
	access, attacks, or any malicious activity.
	extra_gated_fields:
	Organization: text
	Use case: text
	I confirm this will be used for defensive purposes only: checkbox
	---

	# Qwen2.5-7B — MITRE ATT&CK CTI Specialist

	> A fine-tuned language model specialized in cyber threat intelligence, trained to identify and chain MITRE ATT&CK techniques from natural language attack scenario descriptions.

	---

	## Model Overview

	\| \| \|
	\|---\|---\|
	\| Base model \| `unsloth/Qwen2.5-7B-Instruct` \|
	\| Method \| QLoRA 4-bit (r=16, alpha=16) \|
	\| Languages \| English / French \|
	\| Domain \| Cybersecurity — CTI — MITRE ATT&CK v15 \|
	\| Output format \| Structured JSON \|
	\| Status \| Preview v1 \|

	Given a textual description of an attack scenario, this model produces a structured attack chain with MITRE ATT&CK technique IDs, names, descriptions, a confidence level, and underlying assumptions.

	---

	## Usage

	### Prompt Format

	```
	### Instruction
	Analyze the following text and identify the MITRE ATT&CK techniques involved.
	Generate a structured attack chain.

	### Context
	{your_scenario_here}

	### Response
	```

	### Recommended System Prompt

	```
	You are an expert in offensive cybersecurity and cyber threat intelligence (CTI).
	You analyze attack scenarios and identify MITRE ATT&CK techniques with precision,
	including sub-techniques (e.g. T1059.003).
	You ALWAYS respond in structured JSON with exactly these fields:
	scenario_summary, attack_chain (list of technique_id, name, description),
	confidence_level (high/medium/low), assumptions.
	```

	### Example

	Input:
	```
	An attacker sends a spearphishing email with an obfuscated VBA macro attachment.
	The macro uses certutil.exe to decode a base64 payload and execute it.
	The payload establishes an HTTPS beacon via Azure CDN domain fronting every 4 hours,
	then dumps LSASS credentials using Mimikatz.
	```

	Output:
	```json
	{
	"scenario_summary": "Spearphishing → certutil decode → domain fronting C2 → LSASS dump",
	"attack_chain": [
	{
	"technique_id": "T1566.001",
	"name": "Spearphishing Attachment",
	"description": "Malicious attachment delivered via targeted email."
	},
	{
	"technique_id": "T1140",
	"name": "Deobfuscate/Decode Files or Information",
	"description": "Base64 payload decoded using certutil.exe."
	},
	{
	"technique_id": "T1090.004",
	"name": "Domain Fronting",
	"description": "C2 traffic routed through Azure CDN to mask true destination."
	},
	{
	"technique_id": "T1071.001",
	"name": "Web Protocols",
	"description": "C2 communication over HTTPS."
	},
	{
	"technique_id": "T1003.001",
	"name": "LSASS Memory",
	"description": "Credential extraction from LSASS process memory using Mimikatz."
	}
	],
	"confidence_level": "high",
	"assumptions": [
	"Macro enabled by user",
	"No outbound HTTPS filtering",
	"LSASS not protected by PPL"
	]
	}
	```

	### Python

	```python
	from transformers import AutoTokenizer, AutoModelForCausalLM
	import torch, json

	model_id = "YOUR_USERNAME/mitre-attack-qwen2.5-7b"

	tokenizer = AutoTokenizer.from_pretrained(model_id)
	model = AutoModelForCausalLM.from_pretrained(
	model_id,
	torch_dtype=torch.bfloat16,
	device_map="auto",
	)

	SYSTEM = (
	"You are a CTI expert specialized in MITRE ATT&CK. "
	"Always respond in structured JSON with: "
	"scenario_summary, attack_chain (technique_id, name, description), "
	"confidence_level, assumptions."
	)

	scenario = """
	An attacker exploits an SQL injection vulnerability on a public web application
	to drop a PHP webshell. Via the webshell, they steal IAM credentials from the
	EC2 metadata service and create a persistent IAM account to maintain access.
	"""

	prompt = f"""### Instruction
	Analyze the following text and identify the MITRE ATT&CK techniques involved.

	### Context
	{scenario.strip()}

	### Response
	"""

	messages = [
	{"role": "system", "content": SYSTEM},
	{"role": "user", "content": prompt},
	]

	inputs = tokenizer.apply_chat_template(
	messages,
	tokenize=True,
	add_generation_prompt=True,
	return_tensors="pt",
	).to(model.device)

	outputs = model.generate(
	inputs,
	max_new_tokens=512,
	temperature=0.1,
	do_sample=True,
	)

	response = tokenizer.decode(outputs[0][inputs.shape[1]:], skip_special_tokens=True)
	print(json.dumps(json.loads(response), indent=2))
	```

	### llama.cpp / Ollama (GGUF Q4_K_M)

	```bash
	# llama-server
	./llama-server \
	-m mitre_qwen2.5_7b_Q4_K_M.gguf \
	--port 10001 \
	--host 0.0.0.0 \
	-ngl 99 \
	-c 8192 \
	--temp 0.1

	# Ollama
	ollama create mitre-cti -f Modelfile
	ollama run mitre-cti
	```

	---

	## Training

	### Hyperparameters

	```yaml
	base_model: unsloth/Qwen2.5-7B-Instruct
	method: QLoRA
	quantization: 4-bit (bitsandbytes)
	lora_r: 16
	lora_alpha: 16
	lora_dropout: 0
	target_modules: [q_proj, k_proj, v_proj, o_proj,
	gate_proj, up_proj, down_proj]
	gradient_checkpointing: unsloth
	per_device_train_batch_size: 2
	gradient_accumulation_steps: 8
	effective_batch_size: 16
	num_train_epochs: 3
	learning_rate: 2.0e-4
	lr_scheduler_type: cosine
	warmup_ratio: 0.05
	optimizer: adamw_8bit
	max_seq_length: 2048
	bf16: true
	```

	### Training Metrics

	\| Metric \| Value \|
	\|---\|---\|
	\| Training Loss (final) \| 0.2670 \|
	\| Training Loss (selected checkpoint) \| 0.2068 \|
	\| Eval Loss (minimum) \| ~2.75 \|
	\| Total steps \| 4272 (3 epochs) \|



	---

	## Hardware Requirements

	\| Format \| Size \| Min VRAM \|
	\|---\|---\|---\|
	\| GGUF Q4_K_M \| ~4.8 GB \| 8 GB \|


	---

	## Ethical Use

	This model is intended for defensive cybersecurity purposes only — threat intelligence analysis, SOC operations, red team exercises within authorized engagements, and security research.

	Any use of this model to facilitate unauthorized access, attacks, or malicious activities is strictly prohibited.

	---

	## Citation

	```bibtex
	@misc{mitre-attack-qwen2.5-7b-2026,
	title = {Qwen2.5-7B MITRE ATT{&}CK CTI Specialist},
	author = {Chris E.},
	year = {2026},
	publisher = {Hugging Face},
	url = {[https://huggingface.co/chrisbst48/mitre-attack-qwen2.5-7b](https://huggingface.co/chrisbst48/mitre-attack-qwen2.5-7b)}
	}

	---
	```

	## License

	Apache 2.0 — inherited from the Qwen2.5 base model.