Exploitation

Controlled exploitation of discovered vulnerabilities with proper scoping and authorization

Hats: 2
Review Agents: 1
Review: Ask
Unit Types: Exploit, Proof Of Concept, Access Verification
Inputs: Enumeration

Dependencies: Enumeration / vulnerability-catalog

Hat Sequence

1. Attack Operator

Focus: Execute exploitation attempts against authorized targets using developed proof-of-concepts. Maintain detailed logs of every action taken, monitor for unintended side effects, and abort immediately if scope boundaries are approached.

Produces: Access log with timestamped entries for every exploitation attempt, including tool used, target, technique, outcome, and any observed side effects.

Reads: Exploit developer's proof-of-concepts, vulnerability catalog, rules of engagement.

Anti-patterns (RFC 2119):

  • The agent MUST NOT execute exploits without reviewing proof-of-concept safety constraints first
  • The agent MUST NOT continue exploitation after observing unintended side effects or service degradation
  • The agent MUST log every action with precise timestamps and parameters
  • The agent MUST NOT operate outside authorized time windows or scope boundaries
  • The agent MUST have a communication channel ready for immediate escalation
  • The agent MUST NOT modify or destroy data on target systems beyond what is required to demonstrate access

2. Exploit Developer

Focus: Develop or adapt exploits for confirmed vulnerabilities. Build reliable, controlled proof-of-concept code that demonstrates impact without causing destruction or denial of service. Prioritize exploits by potential impact and likelihood of success.

Produces: Proof-of-concept exploits with documentation of expected behavior, safety constraints, rollback procedures, and success criteria.

Reads: Vulnerability catalog, service inventory, rules of engagement.

Anti-patterns (RFC 2119):

  • The agent MUST NOT develop exploits that could cause data destruction or service denial
  • The agent MUST NOT use publicly available exploits without reviewing them for safety and scope compliance
  • The agent MUST NOT skip the development of rollback or cleanup procedures
  • The agent MUST NOT target vulnerabilities outside the authorized scope
  • The agent MUST test exploits in a controlled manner before deploying against the target
  • The agent MUST document the exploit chain, dependencies, and prerequisites

Review Agents

Scope Compliance

Mandate: The agent MUST verify exploitation stayed within authorized scope and rules of engagement.

Check:

  • The agent MUST verify that all exploitation targets are within the defined scope
  • The agent MUST verify that techniques used comply with the rules of engagement
  • The agent MUST verify that no denial-of-service or data destruction occurred
  • The agent MUST verify that evidence of exploitation is captured with timestamps and methodology
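
The scope-compliance checks above, sketched as an added example (not part of the original page or its project): a reviewer script that replays an access log against the rules of engagement and reports entries that break them. The JSON-lines log format, the field names, the `ROE` structure and every sample value are assumptions, and targets are assumed to be IP addresses.

```python
import ipaddress
import json
from datetime import datetime

# Hypothetical rules of engagement (constructed; documentation address ranges).
ROE = {
    "scope": ["192.0.2.0/28", "198.51.100.10/32"],
    "window": ("2024-05-06T22:00:00+00:00", "2024-05-07T04:00:00+00:00"),
}
REQUIRED = ("timestamp", "tool", "target", "technique", "outcome", "side_effects")
OUTCOMES = {"success", "fail", "partial"}

# Constructed access log, one JSON object per line (assumed format).
SAMPLE_LOG = """\
{"timestamp": "2024-05-06T22:15:03+00:00", "tool": "poc-01", "target": "192.0.2.5", "technique": "auth-bypass", "outcome": "success", "side_effects": ""}
{"timestamp": "2024-05-06T22:40:11+00:00", "tool": "poc-01", "target": "192.0.2.77", "technique": "auth-bypass", "outcome": "fail", "side_effects": ""}
{"timestamp": "2024-05-06T23:00:47+00:00", "tool": "poc-02", "target": "192.0.2.9", "technique": "file-read", "outcome": "partial", "side_effects": "service latency increased"}
{"timestamp": "2024-05-06T23:05:02+00:00", "tool": "poc-02", "target": "192.0.2.9", "technique": "file-read", "outcome": "success", "side_effects": ""}
{"timestamp": "2024-05-07T04:30:00+00:00", "tool": "poc-01", "target": "198.51.100.10", "technique": "auth-bypass", "outcome": "fail", "side_effects": ""}
{"timestamp": "2024-05-06T23:30:00+00:00", "tool": "poc-01", "target": "192.0.2.5", "outcome": "success", "side_effects": ""}
"""

def review(log_text, roe=ROE):
    """Return (line_number, finding) pairs for entries that break a check."""
    nets = [ipaddress.ip_network(n) for n in roe["scope"]]
    start, end = (datetime.fromisoformat(t) for t in roe["window"])
    findings, degraded = [], set()  # degraded: targets with recorded side effects
    for n, line in enumerate(log_text.splitlines(), 1):
        entry = json.loads(line)
        missing = [k for k in REQUIRED if k not in entry]
        if missing:
            findings.append((n, "missing fields: " + ", ".join(missing)))
            continue
        ts = datetime.fromisoformat(entry["timestamp"])
        target = ipaddress.ip_address(entry["target"])
        if ts.tzinfo is None:  # a naive timestamp cannot be placed in the window
            findings.append((n, "timestamp lacks UTC offset"))
        elif not (start <= ts <= end):
            findings.append((n, "outside authorized window"))
        if not any(target in net for net in nets):
            findings.append((n, "target out of scope"))
        if entry["outcome"] not in OUTCOMES:
            findings.append((n, "unknown outcome"))
        if entry["target"] in degraded:  # attempts continued after side effects
            findings.append((n, "attempt after side effects on target"))
        if entry["side_effects"]:
            degraded.add(entry["target"])
    return findings
```

An empty result from `review()` means every logged attempt passed these checks; it says nothing about actions that were never logged.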

Criteria Guidance

Good criteria examples:

  • "Each exploit attempt is logged with exact timestamp, tool/technique used, target, and outcome (success/fail/partial)"
  • "Proof-of-concept demonstrates impact without causing data destruction, service disruption, or scope violation"
  • "Access log documents the full chain from initial vector to achieved access level with reproduction steps"

Bad criteria examples:

  • "Vulnerabilities are exploited"
  • "Access is gained"
  • "Exploits work"

Completion Signal (RFC 2119)

Access log MUST exist documenting all exploitation attempts with timestamps, techniques, and outcomes. Successful exploits have proof-of-concept artifacts that demonstrate impact without causing harm. Each access chain MUST be documented end-to-end with reproduction steps. Failed attempts are recorded with analysis of why they failed. All activity stayed within authorized scope and rules of engagement.