BlackHat Go Skill: Security Techniques Knowledge Base
Status: ✅ Production Ready
Source: "Black Hat Go" by Steele, Patten, Kottmann (No Starch Press)
Extended: Chapters 15-37 (macOS, Cloud, Mobile, IoT, SupplyChain, API, Web3, AI, RedTeam, ATT&CK, LLM)
AAIF Integration: MCP-native, AGENTS.md compliant, goose-compatible
Overview
Structured knowledge base of offensive security techniques implemented in Go:
- 186 Techniques across 37 chapters
- 36 Tools (stdlib + third-party)
- 33 Defenses with effectiveness ratings
- 6 Exploitation relationships
- 103 Passing Tests (including adversarial bisimulation)
AAIF Integration (Agentic AI Foundation)
This skill is designed for multiplayer human-agent security games in the AAIF ecosystem:
Core AAIF Projects Integrated
| Project | Role | Integration | |---------|------|-------------| | MCP (Model Context Protocol) | Agent-tool connectivity | Techniques exposed as MCP tools | | goose | Local-first agent framework | Attack chain execution | | AGENTS.md | Project-specific guidance | Security context for agents |
Multiplayer Game Architecture
┌─────────────────────────────────────────────────────────────────────────────┐
│ AAIF MULTIPLAYER SECURITY GAME │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Browser Clients (CatColab + Automerge CRDT) │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Human 🧑 │ │ Agent 🤖 │ │ Human 🧑 │ │ Agent 🤖 │ │
│ │ Attacker │ │ Defender │ │ Arbiter │ │ Observer │ │
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ │
│ │ │ │ │ │
│ └─────────────┴──────┬──────┴─────────────┘ │
│ │ │
│ WebSocket / MCP │
│ │ │
│ ┌──────────────┴──────────────┐ │
│ │ Automerge Doc Server │ │
│ │ (CRDT Real-time Sync) │ │
│ └──────────────┬──────────────┘ │
│ │ │
│ ┌──────────────┴──────────────┐ │
│ │ CatColab Backend │ │
│ │ (Double Category Theory) │ │
│ │ • Reachability Analysis │ │
│ │ • Bisimulation Checking │ │
│ │ • GF(3) Conservation │ │
│ └─────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Three Worlds for Multiplayer Games
| World | Seed | Operator | Game Type | Players | |-------|------|----------|-----------|---------| | 🔴 ZAHN | 1069 | ⊗ tensor | Ungar Games | Attack chain validation | | 🟢 JULES | 69 | ⊕ coproduct | Bisimulation | Defense equivalence | | 🔵 FABRIZ | 0 | ⊛ convolution | Both/Neither | Arbiter/Observer |
Chapter Index
| Chapters | Domain | Techniques | |----------|--------|------------| | 1-14 | Core (Book) | Foundation, Network, Web, Windows, Crypto, RAT | | 15-24 | macOS | TCC, Keychain, Persistence, Kernel, EDR Bypass | | 25 | Cloud | K8s Pod Escape, AWS SSRF, Container Enum | | 26 | Mobile | APK Analysis, Frida, ADB, SSL Pinning | | 27 | IoT | Firmware, MQTT, CoAP, UART, ZigBee | | 28 | Supply Chain | Dependency Confusion, CI/CD Injection, Lockfile | | 29 | API Security | GraphQL, OAuth, JWT, BOLA | | 30 | Web3/Blockchain | Reentrancy, Flash Loans, Wallet Drainer | | 31 | AI/ML Security | Prompt Injection, Model Poisoning, Jailbreaks | | 32 | Red Team Infra | Redirectors, Phishing Infra, C2 Rotation | | 33 | Reconnaissance | Active Scanning, OSINT, Network Gathering (ATT&CK TA0043) | | 34 | Resource Dev | Infrastructure, Capabilities, Accounts (ATT&CK TA0042) | | 35 | Collection | Data Harvesting, Audio/Screen Capture (ATT&CK TA0009) | | 36 | Lateral Movement | Remote Services, Session Hijacking (ATT&CK TA0008) | | 37 | LLM/GenAI | OWASP Top 10 LLM 2025, RAG Poisoning, Prompt Leakage |
NEW: Adversarial Bisimulation Games
The knowledge base includes three game types from gayzip.gay:
Join-Semilattice for Security States
The join-semilattice enables Ungar Games by providing:
- Partial order on attack/defense states (more compromised > less compromised)
- Least upper bounds (joins) for combining observations
- Prerequisite chains as lattice paths (order matters!)
// SecurityState represents a point in the attack/defense lattice
type SecurityState struct {
TechniquesExecuted []string // Attack surface
DefensesActive []string // Protection layer
RiskLevel int // Cumulative risk (0-10)
Compromised bool // System compromised?
}
// Join computes least upper bound
joined := lattice.Join(state1, state2)
// - Techniques: UNION (more attacks)
// - Defenses: INTERSECTION (only surviving defenses)
// - Risk: MAX
Ungar Game (Order Matters)
In Ungar Games, attack chains must respect prerequisites:
game := NewUngarGame(kb)
// WRONG ORDER - will fail!
game.AttackerMove("tcp-proxy") // Error: requires tcp-port-scan first!
// CORRECT ORDER (Ungar constraint satisfied)
game.AttackerMove("go-concurrency") // No prereqs
game.AttackerMove("tcp-port-scan") // Requires go-concurrency ✓
game.AttackerMove("tcp-proxy") // Requires tcp-port-scan ✓
Bisimulation Game (Order Agnostic)
Two security states are bisimilar if the Attacker cannot distinguish them:
bisim := NewBisimulationGame(kb, state1, state2)
if bisim.AreBisimilar() {
// Defender wins: states are observationally equivalent
// For every attack in state1, Defender can match in state2
}
GF(3) Conservation
Every round maintains GF(3) trit conservation:
Attacker move: trit = -1 (attack)
Defender move: trit = +1 (defend)
Arbiter verify: trit = 0 (balance)
─────────────────────────────────────
Sum ≡ 0 (mod 3) ✓
AAIF Committee Participation Skills
How to Succeed on Technical Committees
This skill includes patterns for effective participation in AAIF and similar open source governance:
1. MCP Technical Steering Committee (TSC)
Key responsibilities:
- Protocol specification evolution
- Security model review
- Interoperability testing
Success patterns:
# AGENTS.md for MCP TSC Participation
## Context
You are participating in the MCP Technical Steering Committee.
## Decision Framework
1. **Backward Compatibility**: Never break existing MCP servers
2. **Security First**: All changes reviewed for attack surface
3. **Minimal Specification**: Only specify what's necessary
4. **Reference Implementation**: Changes must have working code
## Voting Protocol
- Lazy consensus for minor changes
- 2/3 majority for breaking changes
- Binding votes from TSC members only
## Communication
- Use GitHub Issues for proposals
- RFC process for major changes
- Weekly sync calls (recorded)
2. goose Maintainer Best Practices
Agent framework governance:
# AGENTS.md for goose Contribution
## Architecture Decisions
- Local-first: Never require cloud by default
- MCP-native: All tools exposed via MCP
- Extensible: Plugin architecture for custom tools
## Review Checklist
□ Does this work offline?
□ Is the MCP interface clean?
□ Are there integration tests?
□ Is the documentation updated?
## Release Process
1. Feature freeze (2 weeks before)
2. RC testing with AAIF members
3. Changelog review
4. Tag and publish
3. Cross-Foundation Coordination
Working across AAIF, LF AI & Data, CNCF:
# Multi-Foundation Participation
## Overlapping Interests
- AAIF: Agentic AI protocols (MCP, AGENTS.md)
- LF AI & Data: ML infrastructure (PyTorch, ONNX)
- CNCF: Cloud native (Kubernetes, envoy)
## Coordination Patterns
1. **Joint Working Groups**: Propose cross-foundation WGs
2. **Specification Alignment**: Ensure MCP works with CNCF networking
3. **Shared Governance**: Learn from CNCF's graduated project model
## Committee Meeting Preparation
- Read agenda 24h before
- Prepare 1-2 specific proposals
- Identify blocking issues early
- Follow up in writing within 48h
Multiplayer Security Exercise Examples
Example 1: Browser-Based CTF with Human + Agent Teams
Setup: CatColab diagram with attack/defense morphisms
// CatColab model for security game
const securityGame = {
theory: "th_bisimulation_adversarial",
objects: [
{ id: "initial", type: "SecurityState" },
{ id: "compromised", type: "SecurityState" },
{ id: "defended", type: "SecurityState" }
],
morphisms: [
{ id: "tcp-scan", src: "initial", tgt: "initial", type: "Attack" },
{ id: "ids-deploy", src: "initial", tgt: "defended", type: "Defense" },
{ id: "exploit", src: "initial", tgt: "compromised", type: "Attack" }
]
};
// Reachability query: Can attacker reach 'compromised'?
const result = await catcolab.subreachability(model, {
tokens: { "initial": 1 },
forbidden: { "compromised": 1 }
});
// result: true (forbidden state is reachable)
Example 2: MCP-Based Agent Attack Chain
goose agent executing attack chain:
# goose workflow for security testing
name: attack-chain-validation
description: Validate attack chain ordering via MCP
tools:
- mcp://blackhat-go/techniques
- mcp://blackhat-go/defenses
- mcp://catcolab/reachability
steps:
- name: Load knowledge base
tool: blackhat-go/load-kb
- name: Propose attack chain
tool: blackhat-go/validate-chain
params:
techniques:
- go-concurrency
- tcp-port-scan
- tcp-proxy
- name: Check reachability
tool: catcolab/reachability
params:
initial: { "defended": 0, "compromised": 0 }
forbidden: { "compromised": 1 }
Example 3: Real-Time Multiplayer via Automerge
WebSocket game synchronization:
// Connect to CatColab Automerge server
const repo = new Repo({
network: [new BrowserWebSocketClientAdapter("wss://catcolab.io/automerge")]
});
// Join security game document
const handle = repo.find(gameDocId);
// Human player makes attack move
handle.change(doc => {
doc.moves.push({
player: "human-attacker",
action: "AttackerMove",
technique: "tcp-port-scan",
trit: -1, // GF(3)
timestamp: Date.now()
});
});
// Agent defender responds (via MCP)
const agentResponse = await mcp.invoke("blackhat-go/defender-move", {
gameState: handle.doc(),
defense: "ids-ips"
});
// Arbiter verifies GF(3) conservation
const balance = doc.moves.reduce((sum, m) => sum + m.trit, 0);
console.assert(balance % 3 === 0, "GF(3) violated!");
High-Risk Techniques (Risk ≥ 8)
// From kb.GetHighRiskTechniques(8) - 30+ techniques:
cicd-injection // Ch.28, Risk: 10, SupplyChain
smart-contract-reentrancy // Ch.30, Risk: 10, Web3
flash-loan-exploit // Ch.30, Risk: 10, Web3
private-key-extract // Ch.30, Risk: 10, Web3
k8s-pod-escape // Ch.25, Risk: 10, Cloud
process-injection // Ch.12, Risk: 10, Windows
rat-implant // Ch.14, Risk: 10, Evasion
dependency-confusion // Ch.28, Risk: 9, SupplyChain
oauth-token-theft // Ch.29, Risk: 9, API
wallet-drainer // Ch.30, Risk: 9, Web3
model-poisoning // Ch.31, Risk: 9, AI
Categories Summary
| Category | Count | Chapters | Risk Range | |----------|-------|----------|------------| | Foundation | 4 | 1 | 0 | | Network | 12 | 2,5,6 | 2-8 | | Web | 15 | 3,4 | 2-8 | | Exploitation | 6 | 9 | 5-10 | | Evasion | 12 | 13,14 | 3-10 | | Crypto | 7 | 11 | 2-3 | | Windows | 4 | 12 | 4-10 | | macOS | 50 | 15-24 | 2-10 | | Cloud | 5 | 25 | 3-10 | | Mobile | 5 | 26 | 3-8 | | IoT | 5 | 27 | 4-8 | | SupplyChain | 5 | 28 | 7-10 | | API | 5 | 29 | 4-9 | | Web3 | 5 | 30 | 7-10 | | AI | 11 | 31, 37 | 6-9 | | RedTeam | 5 | 32 | 4-7 | | Reconnaissance | 6 | 33 | 2-5 | | ResourceDev | 5 | 34 | 4-7 | | Collection | 5 | 35 | 4-7 | | LateralMovement | 5 | 36 | 6-8 |
Key Go Packages by Domain
Core
| Package | Purpose | Chapters |
|---------|---------|----------|
| net | TCP/UDP sockets | 2, 5 |
| net/http | HTTP client/server | 3, 4 |
| crypto/* | Encryption, hashing | 11 |
| syscall | Windows API | 12 |
| debug/macho | Mach-O parsing | 15 |
Extended
| Package | Purpose | Chapters |
|---------|---------|----------|
| k8s.io/client-go | Kubernetes API | 25 |
| github.com/eclipse/paho.mqtt.golang | MQTT | 27 |
| github.com/ethereum/go-ethereum | Ethereum | 30 |
| github.com/golang-jwt/jwt/v5 | JWT | 29 |
| golang.org/x/oauth2 | OAuth 2.0 | 29 |
| gonum.org/v1/gonum | ML/Scientific | 31 |
| net/http/httputil | Reverse Proxy | 32 |
| github.com/projectdiscovery/nuclei | Vuln Scanning | 33 |
| github.com/sashabaranov/go-openai | OpenAI API | 37 |
| github.com/pgvector/pgvector-go | Vector DB | 37 |
Defense Effectiveness
| Defense | Effectiveness | Mitigates | |---------|--------------|-----------| | Hardware Wallet | 95% | private-key-extract, wallet-drainer | | MFA | 95% | credential-harvester, pass-the-hash | | SIP Enabled | 95% | nvram-persist, dyld-injection | | Zero Trust | 85% | remote-services, session-hijacking | | IMDSv2 | 90% | aws-metadata-ssrf, cloud-cred-harvest | | JWT Validation | 90% | jwt-none-alg, oauth-token-theft | | EDR | 85% | process-injection, rat-implant | | Smart Contract Audit | 85% | reentrancy, flash-loan-exploit | | CI/CD Hardening | 85% | cicd-injection, build-artifact-poison | | SBOM Verification | 80% | dependency-confusion, typosquatting | | RAG Guardrails | 75% | rag-poisoning, vector-embedding-attack |
Usage Patterns
Query by Chapter
kb := LoadBlackHatKnowledge()
ch33 := kb.GetTechniquesByChapter(33) // Reconnaissance
ch36 := kb.GetTechniquesByChapter(36) // Lateral Movement
ch37 := kb.GetTechniquesByChapter(37) // LLM/GenAI
Query by Category
recon := kb.GetTechniquesByCategory("Reconnaissance")
lateral := kb.GetTechniquesByCategory("LateralMovement")
ai := kb.GetTechniquesByCategory("AI")
Ungar Game (Attack Chain Validation)
game := NewUngarGame(kb)
// Execute attack chain (order matters!)
game.AttackerMove("go-concurrency")
game.AttackerMove("tcp-port-scan")
game.DefenderMove("ids-ips")
game.ArbiterVerify()
game.PrintTranscript() // Colored output
Bisimulation (State Equivalence)
s1 := &SecurityState{TechniquesExecuted: []string{"tcp-port-scan"}}
s2 := &SecurityState{TechniquesExecuted: []string{"tcp-port-scan"}}
bisim := NewBisimulationGame(kb, s1, s2)
if bisim.AreBisimilar() {
fmt.Println("States are observationally equivalent")
}
Validate Attack Chain
chain := ValidateChain(kb, []string{
"go-concurrency",
"tcp-port-scan",
"tcp-proxy",
})
if chain.IsValid {
fmt.Println("Chain is Ungar-compliant (order respected)")
} else {
fmt.Println("Errors:", chain.Errors)
}
Build and Test
cd ~/ies/music-topos
go test -v ./... # Run all 103 tests
go run . # Print knowledge base summary
CatColab Integration
Double Theory for Bisimulation Games
// packages/catlog/src/stdlib/theories.rs
/// The theory of adversarial bisimulation games.
///
/// Object types:
/// - SecurityState: points in the attack/defense lattice
/// - Player: Attacker(-1), Defender(+1), Arbiter(0)
///
/// Morphism types:
/// - Attack: state transitions (ordered by prerequisites)
/// - Defense: mitigation deployments
/// - Verify: arbiter checks (GF(3) conservation)
pub fn th_bisimulation_adversarial() -> DiscreteDblTheory {
let mut cat = FpCategory::new();
// Object types
cat.add_ob_generator(name("SecurityState"));
cat.add_ob_generator(name("Player"));
// Morphism types with GF(3) semantics
cat.add_mor_generator(name("Attack"), name("SecurityState"), name("SecurityState"));
cat.add_mor_generator(name("Defense"), name("SecurityState"), name("SecurityState"));
cat.add_mor_generator(name("Verify"), name("SecurityState"), name("SecurityState"));
// Attack chains compose (Ungar: order matters)
cat.equate(
Path::pair(name("Attack"), name("Attack")),
name("Attack").into()
);
// Defense is idempotent
cat.equate(
Path::pair(name("Defense"), name("Defense")),
name("Defense").into()
);
// Attack + Defense + Verify = Identity (GF(3) conservation)
cat.equate(
Path::Seq(nonempty![name("Attack"), name("Defense"), name("Verify")]),
Path::empty(name("SecurityState"))
);
cat.into()
}
Reachability Analysis for Security Games
// packages/catlog/src/stdlib/analyses/bisimulation.rs
/// Check if attacker can reach compromised state from initial state
pub fn attack_reachability(
model: &DiscreteDblModel,
initial: &SecurityState,
target: &SecurityState
) -> bool {
// Use existing reachability infrastructure
let data = ReachabilityProblemData {
tokens: state_to_tokens(initial),
forbidden: state_to_tokens(target),
};
!subreachability(model.into_modal(), data)
}
/// Check if two security states are bisimilar
pub fn check_bisimilar(
model: &DiscreteDblModel,
s1: &SecurityState,
s2: &SecurityState
) -> bool {
// For every attack from s1, check s2 can match
let attacks_from_s1 = get_attacks(model, s1);
let attacks_from_s2 = get_attacks(model, s2);
attacks_from_s1.iter().all(|a1| {
attacks_from_s2.iter().any(|a2| {
attack_equivalent(a1, a2)
})
}) && attacks_from_s2.iter().all(|a2| {
attacks_from_s1.iter().any(|a1| {
attack_equivalent(a1, a2)
})
})
}
AAIF Governance Patterns
Proposal Template for AAIF TSC
# RFC: Bisimulation Game Protocol Extension
## Summary
Add adversarial game semantics to MCP for security analysis.
## Motivation
Security testing requires ordered attack chains (Ungar games) and
equivalence checking (bisimulation games). Current MCP lacks game-theoretic
primitives.
## Proposal
### New MCP Message Types
```json
{
"type": "game/move",
"role": "attacker" | "defender" | "arbiter",
"action": {
"technique": "tcp-port-scan",
"prerequisites": ["go-concurrency"]
},
"trit": -1 | 0 | 1,
"state_hash": "abc123"
}
GF(3) Conservation Invariant
Every game round MUST satisfy:
sum(moves.map(m => m.trit)) ≡ 0 (mod 3)
Backward Compatibility
Fully backward compatible - new message types are optional.
Security Considerations
- Attack chains validated against prerequisite graph
- GF(3) conservation prevents game state tampering
- Arbiter role required for state transitions
Implementation
Reference implementation in goose: goose-bisim-game
### Committee Meeting Participation Checklist
```markdown
## Pre-Meeting (24h before)
□ Review agenda and attached materials
□ Identify items requiring your input
□ Prepare 1-2 specific proposals or questions
□ Check for blocking issues needing resolution
## During Meeting
□ Arrive 5 minutes early for tech check
□ Keep comments focused and time-boxed
□ Use "+1" for agreement, don't repeat points
□ Take notes on action items assigned to you
## Post-Meeting (within 48h)
□ Review meeting notes/recording
□ Complete assigned action items
□ Follow up on any blocking issues in writing
□ Update relevant GitHub issues/PRs
File Locations
music-topos/blackhat_knowledge.go # Main knowledge base (3200+ lines)
music-topos/blackhat_knowledge_test.go # 79 tests
music-topos/bisimulation_adversarial.go # Ungar/Bisim games (600+ lines)
music-topos/bisimulation_adversarial_test.go # 24 tests
plurigrid/asi/skills/blackhat-go/SKILL.md # This skill (AAIF-enhanced)
Related AAIF Projects
| Project | URL | Integration | |---------|-----|-------------| | MCP | github.com/modelcontextprotocol | Technique exposure | | goose | block.github.io/goose | Agent execution | | AGENTS.md | agents.md | Context specification | | CatColab | catcolab.io | Diagram collaboration |
MCP Dev Summit 2026
Next Event: New York City, April 2-3, 2026
CFP Open: Submit proposals for security game presentations
URL: events.linuxfoundation.org/mcp-dev-summit-north-america/
"For AI agents to reach their full potential, developers and enterprises need trustworthy infrastructure and accessible tools to build on." — Nick Cooper, OpenAI
r2con Speaker Resources
| Speaker | Handle | Repository | Relevance | |---------|--------|------------|-----------| | oleavr | oleavr | frida-core | Dynamic instrumentation for mobile/desktop security | | oleavr | oleavr | cryptoshark | Self-modifying code analysis | | cryptax | cryptax | droidlysis | Android malware automated analysis | | cryptax | cryptax | APKiD | Android application identifier (packers, protectors) | | iGio90 | iGio90 | Dwarf | Full-featured Frida GUI debugger |