Agentic RE: Automating Reverse Engineering & Vulnerability Research with AI - John McIntosh - DCSG2026
Name of Training: Agentic RE: Automating Reverse Engineering & Vulnerability Research with AI
Trainer(s): John McIntosh
Dates: April 26-27, 2026
Time: TBD
Venue: Marina Bay Sands
Early Bird Cost (GST included): $3,643 USD / equivalent to $4,700 SGD
Early bird price valid until February 8, 2026.
Short Summary:
Reverse engineering is entering the Agentic Era. Turn AI into a force multiplier for real‑world reverse engineering.
In this two‑day, hands‑on progression, you’ll explore the intersection of security research, vulnerability analysis, and agentic AI—learning how to pair traditional RE skills with private LLM stacks and custom Model Context Protocol servers. You’ll leave with AI‑powered workflows that accelerate understanding, surface weaknesses, and streamline your analysis.
Course Description:
Reverse engineering is evolving beyond static tools and manual workflows. This two-day, hands-on course introduces a new paradigm: Agentic Workflows. By combining large language models (LLMs), the Model Context Protocol (MCP), and reverse engineering tools like Ghidra, participants will learn how to design, configure, and orchestrate AI-powered systems that automate and accelerate binary analysis.
Rather than focusing on a single operating system, the course demonstrates how agentic pipelines can be applied across Windows, Apple, and Android. Students will see how MCP servers and AI-assisted workflows adapt to different platforms, enabling reproducible analysis and vulnerability triage in diverse environments.
By the end of the course, participants will have built a reproducible agentic AI workflow capable of analyzing software, surfacing potential vulnerabilities, validating, and triaging results across multiple platforms.
Course Outline:
Day 1 – Foundations & Stack Setup
- The Agentic Era: how LLMs transform reverse engineering and vulnerability research
- LLM basics: tokens, embeddings, quantization (overview only)
- Model selection & hardware trade-offs (7B, 13B, 70B models, QLoRA)
- Model Context Protocol (MCP): exposing RE tools to LLMs
- Why local LLMs matter: privacy, reproducibility, control
- Local LLM stack setup (Ollama, OpenWebUI, LM-Studio, GhidraMCP)
- Agentic-assisted reverse engineering (LLM explains and annotates code)
- Using AI to dive into new research areas
Day 2 – MCP Development & Agentic Workflow Orchestration
- MCP server basics (Python + FastAPI)
- Custom Ghidra MCP (headless scripting, function listings)
- SAST meets LLMs: leveraging context to discover vulnerabilities (Semgrep / CodeQL + LLMs)
- Learn lessons from recent DARPA AIxCC contest winners and insights from agentic bug-finding systems
- Programming with LLMs: context engineering, handling non-determinism
- Securing agentic workflows (prompt injection, sanitization)
- LLM orchestration with DSPy
- Advanced prompt optimization (MiPROv2, GEPA)
- RE HUD prototype using Streamlit/Chainlit
- Capstone: students combine deterministic RE tools with agentic reasoning to build reliable, integrated workflows for LLM‑enhanced binary analysis
If you’re a reverse‑engineering analyst aiming to speed up your understanding, an AI developer curious about applying agentic workflows to real security problems, or a vulnerability researcher exploring how AI can uncover new weaknesses, this course is built for you.
Difficulty Level:
Advanced - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.
Students should be comfortable with common reverse‑engineering tools, have a basic understanding of modern AI concepts, and be able to write or modify Python scripts. You don’t need deep expertise, but familiarity will help you get the most out of the hands‑on work.
Suggested Prerequisites:
- Reverse engineering experience (familiarity with Ghidra, IDA, or similar tools)
- Basic vulnerability research knowledge (common bug classes, analysis workflows)
- Comfort with Python scripting and basic development (installing, debugging, running scripts)
- Experience using recent LLM capabilities in workflows, or at least leveraging AI to improve day-to-day tasks
What Students Should Bring:
System Requirements & Alternatives:
- Optional - A machine capable of running at least an 8B model (e.g., Qwen3 or Llama)
- Recommended: modern GPU (RTX 3060 or Apple M-series) and 16GB+ RAM for smooth performance. Quantized models are ideal for laptops or mid-tier GPUs
- If student hardware doesn’t meet these specs, students can still participate using free tiers of frontier models or the instructor provided LLM access; setup instructions for both local and remote-friendly options will be provided
Software Requirements:
- Python 3.11+
- Docker to run OpenWebUI and Ollama (non-Docker installation also supported)
- git, linux style command-line
What the Trainer Will Provide:
- Preconfigured VM images and containerized stacks
- Annotated materials and scripts
- Documentation and reproducible workflows
- Experiment scaffolding
- Setup instructions for frontier models if laptop hardware can’t meet GPU requirements
Trainer(s) Bio:
John McIntosh (@clearbluejar) is a security researcher and lead instructor @clearseclabs, a company that offers hands-on training and consulting for reverse engineering and offensive security. He is the author of pyghidra-mcp, a Python-based Ghidra MCP server designed for agentic workflows and reproducible automation. He presented this work as a patch diffing agentic workflow at Objective by the Sea v8 (Reverse Engineering Apple Security Updates).
John has taught related workshops at major conferences, including:
- Supercharging Ghidra: Build Your Own Private Local LLM RE Stack with GhidraMCP, Ollama, and OpenWebUI (Ringzer0 Training)
- Offensive Security Tool Development with Ghidra: From Custom CLI Tools to an MCP Server (Recon 2025)
With over a decade of offensive security experience, John has spoken and taught at Ringzer0, 44CON, Objective by the Sea, and Recon. He regularly blogs on clearbluejar.github.io, publishing detailed write-ups on reversing CVEs and building RE tooling with Ghidra. His teaching emphasizes reproducibility, transparency, and contributor empowerment — bridging deterministic analysis with AI-driven reasoning to accelerate vulnerability research.
Registration Terms and Conditions:
Trainings are refundable before March 27, 2026, minus a non-refundable processing fee of $250.
Between March 27, 2026 and April 21, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.
All trainings are non-refundable after April 21, 2026.
Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.
DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.