Share
## https://sploitus.com/exploit?id=7AA32566-F0B6-5C96-933F-4E5A55E2CF36
# ExploitSLM v3 β Exploitation Agent
**Agentic SOC v3 | Agent #9: Exploitation Analysis**
Custom 47.2M parameter Small Language Model with 6 multi-task heads for automated exploit technique classification, kill-chain stage detection, threat actor attribution, success probability estimation, and target vector analysis.
## Architecture
```
ExploitationAgent (Orchestrator)
βββ ExploitIngestion β Ingest exploit events, alerts, IOCs
βββ TechniqueClassifier β SLM-powered ATT&CK technique classification
βββ KillChainAnalyzer β Cyber kill-chain stage detection (6 stages)
βββ ThreatActorAttributor β Contrastive embeddings for actor clustering
βββ ExploitSuccessEstimator β Binary success/failure prediction
βββ TargetVectorAnalyzer β Multi-label target platform analysis
βββ BeadMemoryInterface β Cross-agent correlation
βββ ExploitReportGenerator β Campaign reports, TTP summaries
```
## 6 Multi-Task Heads
| # | Task | Classes | Loss | Weight |
|---|------|---------|------|--------|
| 1 | Exploit Technique | 16 ATT&CK categories | CE+LS 0.1 | 0.25 |
| 2 | Kill-Chain Stage | 6 (reconβpost-exploit) | CE+LS 0.1 | 0.20 |
| 3 | Severity/Impact | 5 (CriticalβInfo) | CE+LS 0.05 | 0.15 |
| 4 | Threat Actor | 128-dim contrastive | InfoNCE Ο=0.07 | 0.10 |
| 5 | Exploit Success | Binary (success/blocked) | BCE | 0.15 |
| 6 | Target Vector | 10 multi-label platforms | BCE | 0.15 |
## Quick Start
```python
from agent.exploit_agent import ExploitationAgent
import asyncio
agent = ExploitationAgent()
events = [
{"text": "[EXPLOIT] SUCCESS: RCE via CVE-2024-1234. Cobalt Strike beacon. Actor: APT29.", "source": "EDR"},
{"text": "[C2] Beacon: 10.0.1.5 β 203.0.113.50. HTTPS. Interval: 60s.", "source": "NDR"},
{"text": "[LATERAL] SMB lateral movement: 10.0.1.5 β 10.0.1.20. Pass-the-hash.", "source": "SIEM"},
]
campaign = asyncio.run(agent.execute_analysis(events, bead_chain_id="chain-incident-1"))
report = agent.get_report(campaign.campaign_id)
```
## 16 Exploit Technique Classes (ATT&CK-aligned)
Phishing Payload, Drive-by Download, Exploit Public App, Supply Chain,
Valid Accounts Abuse, Command Injection, SQL Injection, Buffer Overflow,
Privilege Escalation (Kernel/Service), Credential Dumping,
Lateral Movement (SMB/RDP), C2 Beacon, Data Exfiltration, Ransomware
## Integration Points
- **Input**: EDR alerts, NDR events, SIEM logs, threat intel feeds
- **Bead Memory**: Reads forensic/investigation context, writes exploit assessments
- **Output**: Attack campaigns to Investigation Agent (#4), IOCs to Threat Intel (#3)
- **66/66 tests passing**