Tradecraft is the techniques and procedures of espionage — used in red teaming interchangeably with TTPs. OPSEC (Operational Security) is the discipline of identifying critical information and controlling whether your actions can be observed by the adversary (in our case, the blue team). Decepticon does not treat tradecraft as a postscript. The DO and DON’T principles below are codified into agent middleware, skill defaults, and the bash tool’s prompt detection — so the agent operates the way a competent human red teamer would, by default.Documentation Index
Fetch the complete documentation index at: https://docs.decepticon.red/llms.txt
Use this file to discover all available pages before exploring further.
DO
Log everything
Every command, every output, every finding — to PostgreSQL, with engagement tag and timestamp. No silent actions.
Consult skills before execution
The SKILL-FIRST rule: agents must load the relevant skill before acting on a matching trigger. Skills carry tradecraft warnings inline.
Understand tool artifacts
Each skill documents what artifacts the tool leaves — registry keys, log entries, parent-process anomalies — so OPSEC tradeoffs are explicit.
Minimize C2 callbacks
Tier C2 by exposure. Long-haul callbacks for persistence, short-haul for active objectives, interactive only when needed.
Situational awareness post-access
After every initial access or pivot, run lightweight enumeration before noisy actions. Know the host before you make noise on it.
Built-ins before binaries
Prefer PowerShell, bash, and OS utilities to dropped binaries. Smaller artifact footprint, fewer EDR signals.
DON’T
Use untested tools on targets
Decepticon’s skills only reference tools that have been validated in the sandbox. Novel binaries are an OPSEC failure waiting to happen.
Use unencrypted C2
Sliver channels default to mTLS, HTTPS, or DNS. Plaintext C2 is forbidden by default in every Decepticon profile.
Execute from non-standard paths
Drop into
%TEMP% or unwritable system directories with care — these are the first paths defenders look at. Skills steer toward expected locations.Exfiltrate PII / HIPAA / PCI
The Defender and Soundwave middleware refuses objectives that would exfiltrate regulated data. Proof-of-access is not proof-of-exfil.
Skip deconfliction calls
If the operator pauses the engagement, the agent halts new objective scheduling. Deconfliction overrides momentum.
Operate outside the RoE
The EngagementContextMiddleware checks every iteration against the RoE. Out-of-scope actions are refused, not warned.
How Tradecraft Is Codified
These principles are not aspirational — they are middleware.| Principle | Enforcement Mechanism |
|---|---|
| Log everything | All tool calls persisted via the bash tool’s tier-1 capture, then to PostgreSQL |
| RoE compliance | EngagementContextMiddleware injects RoE/ConOps into every LLM call and rejects out-of-scope actions |
| OPSEC defaults | Skill frontmatter metadata.opsec_level informs the orchestrator of risk tier per action |
| C2 tier discipline | OPPLAN objectives carry c2_tier (INTERACTIVE, SHORT_HAUL, LONG_HAUL); orchestrator enforces use |
| Built-ins first | The shared/opsec skill is loaded by default and steers agents toward LOLBins and OS utilities |
| Deconfliction | CLI pause primitive halts new objective scheduling without tearing down sessions |
Tradecraft and the Threat Profile
Tradecraft is not generic — it is profile-specific. AUTOBANK’s tradecraft is loud-and-fast (financially motivated, smash-and-grab); CYBERSNAKE’s is slow-and-patient (espionage). Decepticon enforces the active profile’s tradecraft, not an abstract ideal. When the orchestrator schedules an objective, it asks: “Would the threat actor in our profile do this, this way, at this cadence?” If the answer is no, the objective is reframed or rejected.OPPLAN System
How OPPLAN objectives carry the tradecraft constraints into agent execution.