BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//talks.toorcon.net//toorcamp-2026//speaker//ZNLKW8
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-toorcamp-2026-3ZCJ3A@talks.toorcon.net
DTSTART;TZID=PST:20260627T150000
DTEND;TZID=PST:20260627T152000
DESCRIPTION:This talk introduces\, demonstrates\, and explains the construc
 tion methodology of Andromeda\; A command and control (C2) / implant frame
 work that leverages large language models (LLMs) to dynamically instantiat
 e position implicit byte code as a means of performing dynamic remote func
 tionality execution. The implant works by transmitting a dynamically const
 ructed collection of offsets to instrumented native library functions (alo
 ng with some basic system metadata) to the C2. The C2 is an LLM agent that
  leverages a large collection of `AI skills` to take instructions from an 
 operator in plain verbiage\, before subsequently using it's skills collect
 ion to dynamically construct byte code designed to satisfy the operator's 
 request. This byte code is then transmitted downstream to the implant inst
 ances that in turn execute the byte code in a continuous execution cycle.\
 n\nIn the presentation\, the novel-ness of this approach will be presented
  as an iteration on earlier capabilities (such as Metasploit's "Rail-Gun")
 \, as well as the pros vs cons of transferring elements of runtime complex
 ity (such as behavioral obfuscation) to the C2 vs the Implant\, as is more
  typical in C2/Implant frameworks.
DTSTAMP:20260625T234327Z
LOCATION:Prime Dome
SUMMARY:Presenting\, the Andromeda Strain - Vyrus
URL:https://talks.toorcon.net/toorcamp-2026/talk/3ZCJ3A/
END:VEVENT
END:VCALENDAR