To fully grasp Decepticon’s identity as an Autonomous Hacking Agent, it is essential to understand the fundamental differences between Vulnerability Assessment, Penetration Testing, and Red Team Engagement. Decepticon explicitly targets the methodology of the last — and adds a fourth, machine-speed mode on top.
The Three Disciplines
The security testing landscape forms an inverted pyramid: vulnerability assessments at the wide base (broad, shallow), penetration tests in the middle (targeted, deeper), and red team engagements at the apex (scenario-driven, full-organization).
Vulnerability Assessment
Identify technical flaws across a wide attack surface. Output: a list.
Penetration Test
Exploit those flaws to prove attack paths within a targeted scope.
Red Team Engagement
Train and measure the defenders by emulating a real adversary end-to-end.
Side-by-Side Comparison
The following framing is adapted from the canonical comparison published by redteam.guide — extended with a fourth column for the autonomous-agent mode Decepticon enables.

| Aspect | Vulnerability Assessment | Penetration Test | Red Team Engagement | Autonomous Red Team (Decepticon) |
|---|---|---|---|---|
| Goal | Identify technical flaws | Exploit flaws to prove attack paths | Train and measure blue team effectiveness | Continuously rehearse the blue team against an AI adversary |
| Scope | Wide, shallow | Targeted systems | Full organization | Full organization, programmatically expandable |
| Focus | Technology | Technology | People, processes, and technology | People, processes, technology — driven by an OPPLAN |
| Duration | Days | 1–2 weeks | 2–6 weeks | Hours to continuous (machine-speed loops) |
| Threat Model | CVE-based | Attack surface | Adversary emulation | Adversary emulation, dynamic per engagement |
| Risk Measurement | Attack-surface reduction | Technical exploit impact | Security operations assessment | Operations assessment + regression coverage over time |
| Output | Vulnerability list | Exploit evidence and attack paths | Security operations assessment | OPPLAN-tagged findings, attack graph, remediation patches |
The fourth column is not a replacement for human red teams — it is the same discipline, scaled. Humans set the Rules of Engagement, define objectives, and adjudicate findings; Decepticon executes the kill chain inside that envelope.
The Limitation of Traditional Pentesting
Traditional penetration testing focuses on evaluating security in silos — web, mobile, or external networks individually.
- Siloed Evaluation: Pentesting might find SQL injection in a single web app, but it doesn’t test if defenders can detect an attacker using that web app as a proxy to pivot into the internal network.
- The Soccer Analogy: Pentesting is like practicing shooting, passing, and dribbling individually. These are essential skills, but practicing them in isolation for four years won’t prepare a team for the World Cup if they never play an 11-vs-11 match.
- The Real Limitation: Pentests fail to test how the organization’s overall security controls, blue team, and processes work together organically during a real, multi-stage attack.
Red Team Testing: The “Real Match”
Red Teaming is the actual 11-vs-11 practice match — a comprehensive adversarial simulation designed to test an organization’s holistic defense capabilities over an extended period (typically 4–8 weeks).
Core Attributes of Red Teaming
- Holistic & Multi-Domain — Real attackers don’t attack just the web app and stop. They chain cloud, mobile, internal networks, and even physical or social engineering vectors. Red Teaming mirrors this.
- Stealth & Persistence — The primary goal is to remain undetected by the blue team. Red teamers operate quietly, evading SIEMs and EDRs, and maintain access (persistence) over long periods.
- Realistic Objectives — Instead of listing CVEs, the goal is practical: Can we access the SWIFT infrastructure? Can we exfiltrate dummy customer data without the blue team noticing?
- Threat Gets a Vote — Engagements are grounded in what real threats actually do, not just what defenders plan for. The threat profile drives the TTPs.
- Assumed Breach — If initial access (e.g., phishing) is blocked, red teamers shift to an “assumed breach” scenario: a beacon is planted internally to evaluate post-breach response, lateral-movement detection, and internal recon.
The Engagement Lifecycle: Get In, Stay In, Act
A red team engagement follows three phases — a model used widely across the industry and codified in the redteam.guide methodology:
Get In
Initial access via the threat profile’s preferred vectors — phishing, exposed services, supply chain, social engineering. The objective is footprint, not noise.
Stay In
Establish persistence and command-and-control. Tier C2 channels (interactive / short-haul / long-haul). Maintain OPSEC. Survive defender response.
Why Decepticon Is an Autonomous Hacking Agent
Decepticon automates the Red Teaming mindset, not the pentest checklist. It does not blast a network with automated scanners — that would alert the blue team instantly. Instead, it reads the context of the environment. It maintains stealth, performs internal reconnaissance, executes lateral movement, and simulates assumed-breach scenarios autonomously. The kill chain is driven by an OPPLAN — a structured operations plan the agent generates from the operator’s RoE and ConOps before a single packet leaves the wire. By taking on the role of a relentless, AI-driven red team, Decepticon provides infinite offensive feedback. It is the Offensive Vaccine — training defense systems against the organic, stealthy realities of modern cyber threats rather than handing them a checklist of outdated software.
Engagement Lifecycle
Get In, Stay In, Act — the three-phase lifecycle, mapped to Decepticon’s agents.
MITRE ATT&CK Integration
Tactics, Techniques, and Procedures — the shared vocabulary between threats and Decepticon.
Threat Emulation
How Decepticon turns a threat profile into an executable engagement.
Roles & Cells
Red Cell, Blue Cell, White Cell, Trusted Agent — and where Decepticon fits.
