Command and Control frameworks are essential for red team operations, but their complex APIs and command syntax create friction during engagements. What if you could simply ask your C2 to create a listener, create a payload and interact with agents all by simple natural language
This hands-on workshop introduces the Model Context Protocol (MCP) — a standardized interface that lets AI assistants directly invoke tools and APIs. Attendees will build an MCP server that bridges natural language and Empire C2's REST API, enabling conversational red team operations.
Through practical exercises, you'll experience "vibe coding" — describing what you want in plain English while AI handles the implementation. By the end, you'll be issuing reconnaissance commands, executing modules, and managing agents through natural conversation with your AI assistant.
A rest API can be converted to a MCP in a matter of minutes.
Who Should Attend?
- Red team operators wanting to streamline C2 interactions
- Penetration testers curious about AI-augmented offensive operations
- Security professionals exploring AI coding assistants for tool development
- Anyone interested in practical MCP implementations for security tooling
Learning Objectives:
- Understand Model Context Protocol (MCP) architecture and its role in AI-tool integration
- Configure AI-assisted coding environments (Google Antigravity, Cline, or equivalent)
- Create an MCP server using FastMCP's OpenAPI integration with route filtering
- Implement tool transformations to make auto-generated APIs LLM-friendly
- Perform natural language C2 operations including agent enumeration, command execution, and credential harvesting
- Build API discovery tools that enable dynamic endpoint exploration
Technical Requirements:
- Ubuntu VM (22.04 or later) with sudo access
- Empire C2 framework installed and running (API accessible at localhost:1337)
- Target Windows VM for deploying payloads (with network connectivity to Ubuntu VM)
- Python 3.11+ with uv package manager installed
AI IDE Access (one of the following):
- Google Antigravity (free tier available) — STRONGLY PREFERRED
- VS Code with Cline extension + API key (OpenRouter, LiteLLM, or Claude API)
- Windsurf with API key
Recommended Knowledge:
- Basic familiarity with Empire C2 or similar frameworks
- Python fundamentals (no advanced skills required)
- Basic command line proficiency
Note: All code will be generated with AI assistance — the focus is on understanding architecture, not memorizing syntax.
This webcast supports content and knowledge from SANS SEC565: Red Team Operations and Adversary Emulation. To learn more about, access free resources, and explore upcoming sessions, Click Here.
