DO
Log everything
Every command, every output, every finding — to PostgreSQL, with engagement tag and timestamp. No silent actions.
Consult skills before execution
The SKILL-FIRST rule: agents must load the relevant skill before acting on a matching trigger. Skills carry tradecraft warnings inline.
Understand tool artifacts
Each skill documents what artifacts the tool leaves — registry keys, log entries, parent-process anomalies — so OPSEC tradeoffs are explicit.
Minimize C2 callbacks
Tier C2 by exposure. Long-haul callbacks for persistence, short-haul for active objectives, interactive only when needed.
Situational awareness post-access
After every initial access or pivot, run lightweight enumeration before noisy actions. Know the host before you make noise on it.
Built-ins before binaries
Prefer PowerShell, bash, and OS utilities to dropped binaries. Smaller artifact footprint, fewer EDR signals.
DON’T
Use untested tools on targets
Decepticon’s skills only reference tools that have been validated in the sandbox. Novel binaries are an OPSEC failure waiting to happen.
Use unencrypted C2
Sliver channels default to mTLS, HTTPS, or DNS. Plaintext C2 is forbidden by default in every Decepticon profile.
Execute from non-standard paths
Drop into
%TEMP% or unwritable system directories with care — these are the first paths defenders look at. Skills steer toward expected locations.Exfiltrate PII / HIPAA / PCI
The EngagementContext middleware refuses objectives that would exfiltrate regulated data. Proof-of-access is not proof-of-exfil.
Skip deconfliction calls
If the operator pauses the engagement, the agent halts new objective scheduling. Deconfliction overrides momentum.
Operate outside the RoE
The EngagementContextMiddleware checks every iteration against the RoE. Out-of-scope actions are refused, not warned.
How Tradecraft Is Codified
These principles are not aspirational — they are middleware.Tradecraft and the Threat Profile
Tradecraft is not generic — it is profile-specific. AUTOBANK’s tradecraft is loud-and-fast (financially motivated, smash-and-grab); CYBERSNAKE’s is slow-and-patient (espionage). Decepticon enforces the active profile’s tradecraft, not an abstract ideal. When the orchestrator schedules an objective, it asks: “Would the threat actor in our profile do this, this way, at this cadence?” If the answer is no, the objective is reframed or rejected.OPPLAN System
How OPPLAN objectives carry the tradecraft constraints into agent execution.
