This talk introduces, demonstrates, and explains the construction methodology of Andromeda, a command and control (C2) / implant framework that leverages large language models (LLMs) to dynamically instantiate position implicit byte code as a means of performing dynamic remote functionality execution. The implant works by transmitting a dynamically constructed collection of offsets to instrumented native library functions (along with some basic system metadata) to the C2. The C2 is an LLM agent that leverages a large collection of AI skills to take instructions from an operator in plain language, then uses its skills collection to dynamically construct byte code designed to satisfy the operator's request. This byte code is then transmitted downstream to the implant instances, which in turn execute it in a continuous execution cycle.
In the presentation, the novelty of this approach will be presented as an iteration on earlier capabilities (such as Metasploit's "Railgun"), along with the pros and cons of transferring elements of runtime complexity (such as behavioral obfuscation) from the implant to the C2, rather than keeping them in the implant as is more typical in C2/implant frameworks.