Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.decepticon.red/llms.txt

Use this file to discover all available pages before exploring further.

Kill Chain Orchestration

Once the OPPLAN is generated, Decepticon’s orchestrator takes over. It iterates through objectives autonomously, executing a full kill chain — reconnaissance, exploitation, privilege escalation, lateral movement, and persistence. This isn’t a linear script. The orchestrator adapts in real time based on what each agent discovers.

Execution Loop

1

Select Next Objective

The orchestrator picks the next pending objective from the OPPLAN, resolving dependencies and prioritizing based on kill chain phase.
2

Build Context

A prompt is constructed with the objective details, RoE guard rails, available skills, and relevant findings from previously completed objectives.
3

Spawn Fresh Agent

A new agent instance is spawned with a clean context window. No accumulated noise from prior objectives — fresh reasoning every time.
4

Execute

The agent executes the objective using available tools and skills within the Kali sandbox. All commands run inside persistent tmux sessions with interactive prompt detection.
5

Parse Results

The orchestrator parses the agent’s PASSED / BLOCKED signal, updates the objective status, and appends findings to disk.
6

Iterate

Move to the next objective. Findings from completed objectives inform subsequent agents, enabling multi-stage attack chains.

Fresh Context Per Objective

This is a critical design decision. Each agent spawns with a clean context window per objective — preventing context degradation across a long engagement.
Why this matters:
  • No accumulated noise — Agent reasoning doesn’t degrade as the engagement progresses
  • Clean state — Each objective gets full attention without irrelevant context from prior phases
  • Persistent findings — Results are saved to disk, not agent memory. The orchestrator injects only relevant prior findings into each new agent’s context

Interactive Shell Sessions

Real offensive security tools are interactive — sliver-client, msfconsole, evil-winrm, sqlmap, impacket-psexec. They don’t just take a command and exit. They drop you into a prompt and expect a conversation. Most AI agents can’t handle this. They fire one-shot commands via subprocess.run() and call it a day. Decepticon runs every command inside persistent tmux sessions with automatic prompt detection:
  • When a tool presents an interactive prompt (sliver >, msf6 >, PS C:\>), the agent detects it and sends follow-up commands
  • Parallel named sessions — multiple tool sessions running concurrently
  • Control signalsC-c, C-z support for managing interactive processes
  • Stall detection — recognizes when a command hangs and takes corrective action
The agent actually operates the tools — the same way a human operator would.

RoE Enforcement

At every iteration, the orchestrator validates that the next action falls within the Rules of Engagement. If an objective would violate scope, timing, or technique boundaries defined in the RoE, it is automatically blocked.

Skill System

Learn about the progressive skill system that equips agents with ATT&CK-mapped capabilities.