
Vibe Coding Your Own Evasion Framework: AI-Assisted Red Team Tool Development

  • Thu, Apr 16, 2026
  • 10:00AM - 12:00PM EDT
  • English
  • Jean-François Maes
  • Workshop

Large Language Models have transformed how security professionals develop custom tooling. But asking an AI for "the whole application" often results in hallucinated APIs, inconsistent code, and tools you don't understand. This hands-on workshop introduces "vibe coding" - the practice of using AI to rapidly prototype security tools through iterative, grounded prompting.

Attendees will learn the "think then act" methodology: first using AI to create a detailed Product Requirements Document (PRD), then implementing features phase-by-phase with verification at each step. We'll apply this approach to build a functional shellcode loader generator with configurable evasion techniques.

By the end of this workshop, participants will have a working Dockerized web application that generates custom C# payloads with options including payload bloating, sleep delays, anti-sandbox checks, environmental keying, and entropy reduction - all created through AI-assisted development.

Who Should Attend?

  • Red team operators
  • Penetration testers
  • Security professionals 
  • Blue team members
  • Anyone interested

Learning Objectives:

  • Apply the "think then act" methodology for AI-assisted security tool development
  • Write effective prompts that minimize LLM hallucinations using explicit constraints and concrete examples
  • Create a Product Requirements Document (PRD) for custom security tooling using AI
  • Implement common evasion techniques: payload bloating, sleep delays, anti-sandbox checks, and environmental keying
  • Understand the difference between in-process shellcode execution and process injection techniques
  • Verify AI-generated P/Invoke signatures against authoritative sources (pinvoke.net: the interop wiki!)

Technical Requirements:

  • Ubuntu VM (22.04 LTS recommended) with Docker installed
  • Empire C2 framework installed and running (for shellcode generation)
  • Windows target VM for payload testing (Windows 10/11 with Defender disabled; yes, this workshop is about defense evasion, but it covers only the basics)
  • Google account with Google Antigravity installed (strongly preferred) OR API key for LLM access (LiteLLM, OpenRouter, or direct provider API)

Recommended Knowledge:

  • Basic familiarity with Python and command-line tools
  • Understanding of shellcode execution concepts (helpful but not required)
  • Experience with Docker containers (helpful but not required)

This workshop supports content and knowledge from SEC565: Red Team Operations and Adversary Emulation.

Meet Your Speaker

Jean-François Maes

CEO

Jean-François is based in Portugal, where he is the CEO of Offensive Guardian, a boutique red and purple teaming shop providing freelance services to various organizations. He has worked for other noteworthy firms, including, but not limited to: Neuvik, TrustedSec, Fortra's Cobalt-Strike team, and NVISO.
