TEMPEST slides are posted at : /defcon/TEMPEST.pptx

These are the slides from my talk at defcon demolabs and red team village on 08/10/2024.

TEMPEST c2: Intro

When I really started to write the Tempest framework, was when I really committed to writing a c2 framework. It's a big commitment. I have long since lost track of the daunting number of hours that I've put into this project over the past year. I have a new respect for anyone who tries to tackle such long projects. For anyone who sees the Tempest project and decides to write their own c2 framework for the first time, know that the main thing you'll need is persistence. Just keep doing it.

Full list of AI resources shared by Nicole Carignan (VP AI Strategy Darktrace) on recent 'whoami' podcast apppearance:

In this article, we will examine some of the emerging use cases for the inclusion of AI in Red Team operations. We will not attempt to examine all cases, but to hone in on a few which I feel are "just around the corner" and also the most immediately impactful to the security space. Namely, we will cover the use of AI for operational decision making, code generation, and runtime code synthesis. I'd like to include 'AI as a C2', but that should probably get it's own post (soon).

So let's examine the 3 use cases I've identified so far:

I'd like to preface this write-up by first making fun of myself from the future. Not long from now, the title of this article will be akin to saying "Driving with a car" or "Cooking with electricity". You won't need or want to specify the AI part, that will just be assumed. It won't be "coding with AI", just coding.

Now that I've got that out of my system, let's get into it.