{"product_id":"agentic-re-automating-reverse-engineering-vulnerability-research-with-ai-john-mcintosh-dctlv2026","title":"Agentic RE: Automating Reverse Engineering \u0026 Vulnerability Research with AI - John McIntosh - DCTLV2026","description":"\u003cp dir=\"ltr\"\u003e\u003cmeta charset=\"utf-8\"\u003e\u003cstrong\u003eName of Training\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Agentic RE: Automating Reverse Engineering \u0026amp; Vulnerability Research with AI\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eTrainer(s)\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e John McIntosh\u003cbr\u003e\u003c\/span\u003e\u003cspan\u003e\u003cmeta charset=\"utf-8\"\u003e \u003cstrong\u003eDates\u003c\/strong\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eAugust 10-11, 2026\u003cbr\u003e\u003cstrong\u003eTime:\u003c\/strong\u003e 8:00 am to 5:00 pm \u003cbr\u003e\u003cstrong\u003eVenue\u003c\/strong\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eLas Vegas Convention Center\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eCost\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e: \u003c\/strong\u003e$3,750\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eShort Summary:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003eReverse engineering is entering the Agentic Era. Turn AI into a force multiplier for real‑world reverse engineering.\u003c\/p\u003e\n\u003cp\u003eIn this two‑day, hands‑on progression, you’ll explore the intersection of security research, vulnerability analysis, and agentic AI—learning how to pair traditional RE skills with private LLM stacks and custom Model Context Protocol servers. You’ll leave with AI‑powered workflows that accelerate understanding, surface weaknesses, and streamline your analysis.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eCourse Description: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003eReverse engineering is evolving beyond static tools and manual workflows. This two-day, hands-on course introduces a new paradigm: Agentic Workflows. By combining large language models (LLMs), the Model Context Protocol (MCP), and reverse engineering tools like Ghidra, participants will learn how to design, configure, and orchestrate AI-powered systems that automate and accelerate binary analysis.\u003c\/p\u003e\n\u003cp\u003eRather than focusing on a single operating system, the course demonstrates how agentic pipelines can be applied across Windows, Apple, and Android. Students will see how MCP servers and AI-assisted workflows adapt to different platforms, enabling reproducible analysis and vulnerability triage in diverse environments.\u003c\/p\u003e\n\u003cp\u003eBy the end of the course, participants will have built a reproducible agentic AI workflow capable of analyzing software, surfacing potential vulnerabilities, validating, and triaging results across multiple platforms.\u003c\/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cmeta charset=\"utf-8\"\u003e \u003cstrong\u003eCourse Outline: \u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eDay 1 – Foundations \u0026amp; Stack Setup\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe Agentic Era: how LLMs transform reverse engineering and vulnerability research\u003c\/li\u003e\n\u003cli\u003eLLM basics: tokens, embeddings, quantization (overview only)\u003c\/li\u003e\n\u003cli\u003eModel selection \u0026amp; hardware trade-offs (7B, 13B, 70B models, QLoRA)\u003c\/li\u003e\n\u003cli\u003eModel Context Protocol (MCP): exposing RE tools to LLMs\u003c\/li\u003e\n\u003cli\u003eWhy local LLMs matter: privacy, reproducibility, control\u003c\/li\u003e\n\u003cli\u003eLocal LLM stack setup (Ollama, OpenWebUI, LM-Studio, GhidraMCP)\u003c\/li\u003e\n\u003cli\u003eAgentic-assisted reverse engineering (LLM explains and annotates code)\u003c\/li\u003e\n\u003cli\u003eUsing AI to dive into new research areas\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDay 2 – MCP Development \u0026amp; Agentic Workflow Orchestration\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eMCP server basics (Python + FastAPI)\u003c\/li\u003e\n\u003cli\u003eCustom Ghidra MCP (headless scripting, function listings)\u003c\/li\u003e\n\u003cli\u003eSAST meets LLMs: leveraging context to discover vulnerabilities (Semgrep \/ CodeQL + LLMs)\u003c\/li\u003e\n\u003cli\u003eLearn lessons from recent DARPA AIxCC contest winners and insights from agentic bug-finding systems\u003c\/li\u003e\n\u003cli\u003eProgramming with LLMs: context engineering, handling non-determinism\u003c\/li\u003e\n\u003cli\u003eSecuring agentic workflows (prompt injection, sanitization)\u003c\/li\u003e\n\u003cli\u003eLLM orchestration with DSPy\u003c\/li\u003e\n\u003cli\u003eAdvanced prompt optimization (MiPROv2, GEPA)\u003c\/li\u003e\n\u003cli\u003eRE HUD prototype using Streamlit\/Chainlit\u003c\/li\u003e\n\u003cli\u003eCapstone: students combine deterministic RE tools with agentic reasoning to build reliable, integrated workflows \u003cmeta charset=\"utf-8\"\u003e \u003cspan\u003efor LLM‑enhanced binary analysis\u003c\/span\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cspan\u003eIf you’re a reverse‑engineering analyst aiming to speed up your understanding, an AI developer curious about applying agentic workflows to real security problems, or a vulnerability researcher exploring how AI can uncover new weaknesses, this course is built for you.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eDifficulty Level:\u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eAdvanced - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eStudents should be comfortable with common reverse‑engineering tools, have a basic understanding of modern AI concepts, and be able to write or modify Python scripts. You don’t need deep expertise, but familiarity will help you get the most out of the hands‑on work.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eSuggested Prerequisites:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003eReverse engineering experience (familiarity with Ghidra, IDA, or similar tools)\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003eBasic vulnerability research knowledge (common bug classes, analysis workflows)\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003eComfort with Python scripting and basic development (installing, debugging, running scripts)\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003eExperience using recent LLM capabilities in workflows, or at least leveraging AI to improve day-to-day tasks\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat Students Should Bring: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003eSystem Requirements \u0026amp; Alternatives:\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eA laptop with 16GB+ RAM capable of running Docker and a Linux-style command line\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eA GPU is not required. LLM inference will be provided by the instructor during the course. Students who want to experiment with local models (e.g., Qwen3 8B via Ollama) on their own hardware can do so, but this is optional\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eSetup instructions for both local and instructor-hosted options will be provided before the course\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003eSoftware Requirements:\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003ePython 3.11+ \u003c\/li\u003e\n\u003cli\u003eDocker to run OpenWebUI and Ollama (non-Docker installation also supported)\u003c\/li\u003e\n\u003cli\u003egit, linux style command-line\u003cbr\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat the Trainer Will Provide:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003ePreconfigured VM images and containerized stacks\u003c\/li\u003e\n\u003cli\u003eAnnotated materials and scripts\u003c\/li\u003e\n\u003cli\u003eDocumentation and reproducible workflows\u003c\/li\u003e\n\u003cli\u003eExperiment scaffolding\u003c\/li\u003e\n\u003cli\u003eSetup instructions for frontier models if laptop hardware can’t meet GPU requirements\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eTrainer(s) Bio:\u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eJohn McIntosh\u003c\/strong\u003e (\u003ca href=\"https:\/\/x.com\/clearbluejar\"\u003e@clearbluejar\u003c\/a\u003e) is a security researcher and lead instructor @clearseclabs, a company that offers hands-on training and consulting for reverse engineering and offensive security. He is the author of \u003ca href=\"https:\/\/github.com\/clearbluejar\/pyghidra-mcp\"\u003epyghidra-mcp\u003c\/a\u003e, a Python-based Ghidra MCP server designed for agentic workflows and reproducible automation. He presented this work as a patch diffing agentic workflow at Objective by the Sea v8 (\u003ca href=\"https:\/\/objectivebythesea.org\/v8\/talks.html#:~:text=Reverse%20Engineering%20Apple%20Security%20Updates\"\u003eReverse Engineering Apple Security Updates\u003c\/a\u003e).\u003c\/p\u003e\n\u003cp\u003eJohn has taught related workshops at major conferences, including:\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cem\u003eSupercharging Ghidra: Build Your Own Private Local LLM RE Stack with GhidraMCP, Ollama, and OpenWebUI\u003c\/em\u003e (\u003ca href=\"https:\/\/ringzer0.training\/countermeasure25-workshop-supercharging-ghidra-build-your-own-private-local-llm-re-stack-with-ghidramcp-ollama-and-openwebui\/\"\u003eRingzer0 Training\u003c\/a\u003e)\u003c\/li\u003e\n\u003cli\u003e\n\u003cem\u003eOffensive Security Tool Development with Ghidra: From Custom CLI Tools to an MCP Server\u003c\/em\u003e (\u003ca href=\"https:\/\/cfp.recon.cx\/recon-2025\/talk\/WZHWNM\/\"\u003eRecon 2025\u003c\/a\u003e)\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003eWith over a decade of offensive security experience, John has spoken and taught at Ringzer0, 44CON, Objective by the Sea, and Recon. He regularly blogs on clearbluejar.github.io, publishing detailed write-ups on reversing CVEs and building RE tooling with Ghidra. His teaching emphasizes reproducibility, transparency, and contributor empowerment — bridging deterministic analysis with AI-driven reasoning to accelerate vulnerability research.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eRegistration Terms and Conditions: \u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTrainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBetween July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll trainings are non-refundable after August 5, 2026.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTraining tickets may be transferred to another student. Please email us at training@defcon.org for specifics.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIf a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eFailure to attend the training without prior written notification will be considered a no-show. No refund will be given.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eDEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBy purchasing this ticket you agree to abide by the \u003c\/span\u003e\u003ca href=\"https:\/\/defcon.org\/html\/links\/dc-code-of-conduct.html\"\u003e\u003cspan\u003eDEF CON Training Code of Conduct\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e and the registration terms and conditions listed above.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eSeveral breaks will be included throughout the day. Please note that food is not included.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.\u003c\/span\u003e\u003c\/p\u003e","brand":"Las Vegas 2026","offers":[{"title":"Course only - Aug 10-11","offer_id":47697629905114,"sku":null,"price":3550.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0629\/2088\/4442\/files\/building-agentic-re_mcintosh.png?v=1767478915","url":"https:\/\/training.defcon.org\/products\/agentic-re-automating-reverse-engineering-vulnerability-research-with-ai-john-mcintosh-dctlv2026","provider":"defcontrainings","version":"1.0","type":"link"}