Session
Breach on Autopilot: Building an Offline Autonomous Offensive Pipeline for CTEM Validation
As Continuous Threat Exposure Management (CTEM) becomes a staple in enterprise security, the "Validation" phase—proving whether an exposure is practically exploitable—remains a manual bottleneck. Existing Breach and Attack Simulation (BAS) tools often rely on brittle, static scripts that crash against minor environmental differences or modern EDRs. Conversely, integrating cloud-based AI to automate this process introduces severe data privacy risks, making it unsuitable for air-gapped or strictly regulated environments.
This session shares our engineering journey of building an in-house, fully offline autonomous offensive framework designed to close the validation gap safely. We will explore how to bridge a cognitive engine (ASM and intelligence) with an execution engine (stateful exploitation) using local LLMs (e.g., via Ollama). Attendees will learn how we parse unstructured OSINT data to pre-render target-dependent payloads, and how we engineered a bounded state machine that parses stderr logs in real time. Instead of abruptly crashing, the framework performs "Intra-technique Self-healing"—dynamically mutating the payload's syntax to bypass blocks without hallucinating out-of-scope attacks.
Yeo JooHo
Lead Researcher | PIOLINK Cybersecurity Research Team
Seoul, South Korea