Build and extend an agentic macOS command platform.
This expert track starts from a working MacSec Agentic C2 codebase and teaches operators how to turn macOS red-team knowledge into a human-commanded agentic system: beacon tasking, CoreML metadata payload delivery, server-side LLM reasoning, tool routing, context window control, MITRE mapping, KPI/KRI dashboards, approval gates, denial feedback, and auditable execution.
Students extend real source code instead of only reading theory: build the beacon path, wire an LLM operator brain, add local model scoring, improve the console, validate every command with evidence, and keep execution behind human-in-the-loop approval for authorized lab operations.
DEF CON prebooking promotional offer. Full course access opens on Jul 30.
Agentic Operations Doctrine and Source Orientation
Orient inside the provided MacSec Agentic C2 source code, define the human-commanded operating model, and prove the approve, deny, feedback, kill-switch, and audit flow with real artifacts.
Mac-Native Beacon and Tasking Foundation
Extend the provided Objective-C beacon and tasking path: enrollment, task envelopes, command execution, result return, retry behavior, offline recovery, and proof in the operator console.
macOS Reconnaissance Sensor Layer
Build structured macOS recon data from Apple-native evidence and make that host state usable by both the operator and the agentic decision layer.
Technique Knowledge Base and Retrieval
Turn macOS red-team techniques into structured data the agent can retrieve, score, cite, and use before proposing operator action.
Context Window and Memory Engineering
Prevent stale, bloated, or misleading context from breaking agentic decisions by adding evidence references, summaries, memory layers, and denial feedback memory.
Planning Agent and Campaign Graphs
Move from operator objective to reviewed plan tree with decomposition, fallback graphing, risk scoring, temporal pacing, plan validation, and HITL checkpoints.
LangGraph and LangChain-Style Tool Routing
Build the agent workflow around explicit tools, structured outputs, routing graphs, retries, recovery paths, and human approval interrupts.
CoreML Metadata Payload Channel
Implement and validate the Apple-specific CoreML metadata tasking path with encoding, extraction, integrity checks, expiry, replay protection, and tamper evidence.
Local ML and CoreML Decision Support
Add local ML decision support on top of the command platform: feature engineering, classifier training, CoreML conversion, inference, and LLM-versus-local-model comparison.
LLM Operator Brain and HITL Workflow
Build a server-side LLM operator loop with provider isolation, prompt contracts, structured proposals, approval and denial workflows, and hallucination guardrails.
Observation, OPSEC, KPI, and KRI Engine
Derive operational intelligence from real task execution history: expected versus observed behavior, OPSEC health, MITRE mapping, KPI, KRI, and dashboard proof.
Adaptation Engine and Human Escalation
Teach the agent to adapt from real feedback and results without guessing: triggers, fallback selection, substitution logic, ambiguous output handling, and escalation.
Commander Console and Enterprise Workflow
Improve the console toward enterprise-grade operator workflow: approval UX, output rendering, RBAC, case IDs, evidence retention, and auditable operator actions.
Security Hardening and Abuse Resistance
Prevent the platform itself from becoming the weak point by validating secret handling, signed requests, replay windows, engagement isolation, rate limits, and audit trails.
Simulation Range and Benchmarking
Measure whether the agent improves across synthetic targets, detection injection, tool-choice scoring, context degradation, memory regression, and repeated runs.
Enterprise Extension Capstone
Extend MacSec Agentic C2 with a meaningful enterprise-grade capability, validate it with real beacon activity, run a full operation, and defend the design.