Tool 94 — NIGHTFALL Offensive Framework — Layer 13: Autonomous Campaign

SPECTER VIPER

Autonomous Security AI Weaponisation Engine — turns the defender's own AI tools against them. Fingerprints, injects, misdirects, persists, and exploits write access across seven SOC AI platforms.

8Subsystems
314Tests
7Target Platforms
OPEN/INJECT/
UNLEASHEDGate
View Documentation All 94 Tools
Targets

Seven SOC AI Platforms

VIPER fingerprints and attacks the AI layer inside the defender's own security stack — the tools watching for threats become the attack surface.

COPILOT FOR SECURITY
Microsoft
CHARLOTTE AI
CrowdStrike
XSIAM / CORTEX AI
Palo Alto Networks
SECOPS GEMINI
Google Chronicle
AI ASSISTANT
Splunk
AI ASSISTANT
Elastic Security
PURPLE AI
SentinelOne
Architecture

8 Subsystems

Each subsystem targets a different attack vector against the SOC AI stack — from passive fingerprinting through active write-access exploitation.

01 · RECON
Platform Fingerprinting
HTTP probe, response header fingerprinting, TLS certificate inspection, capability mapping, and write-access detection across all 7 vendor platforms. Confidence-scored SOCPlatform objects for downstream subsystems.
OPEN Gate
02 · INJECT
Prompt Injection Engine
Crafts adversarial instructions embedded in CEF, syslog RFC-5424, Splunk JSON, Elastic ECS, LEEF, STIX 2.1, and CVE JSON format events. 10 adversarial instruction templates. Bypass techniques: zero-width space, base64, BiDi override, HTML comment, JSON key smuggling.
OPEN Gate (build) INJECT Gate (fire)
03 · MISDIRECT
Threat Misclassification
FP-STORM: 500+ synthetic high-severity events from whitelisted sources. FN-CLOAK: wraps real attacks inside maintenance-window events. CONFIDENCE-DRAIN: borderline-confidence flood to shift AI thresholds. CONTEXT-POISON: contradictory incident notes, TI updates, and playbook overrides.
OPEN Gate (build) INJECT Gate (fire)
04 · WRITE
Write-Access Exploitation
Real API calls against authenticated SOC platforms: CrowdStrike firewall rule injection and host containment, Microsoft Defender machine isolation and alert suppression, Splunk saved search backdoor, Elastic detection rule override, SentinelOne agent quarantine and threat resolution, Palo Alto XSIAM incident manipulation.
UNLEASHED Gate
05 · PERSIST
Durable Injection Survival
Plants payloads in locations that survive alert rotation and index rollover: Elastic index templates (auto-apply on new index creation), Splunk saved searches (cron-scheduled), Chronicle detection rules (run on every log batch), SentinelOne exclusion lists, CrowdStrike IOC allowlists.
INJECT Gate
06 · BLIND
Detection Suppression
LOG-FLOOD: 1000-event noise bursts from trusted internal sources. TIMESTAMP-WARP: 72-hour backdated events to break temporal correlation rules. COVERAGE-GAP: exploits vendor-specific AI detection blind spots. SIEM-CORRUPTION: malformed events trigger silent log loss. ALERT-FATIGUE: sustained borderline-confidence waves.
INJECT Gate
07 · HARVEST
AI Intelligence Exfiltration
Natural language queries to SOC AI endpoints. Regex extraction of API keys, internal IP ranges, detection rules (YARA/Sigma/KQL/EQL/SPL), playbook content, victim emails, and asset inventory. Deduplication and severity classification of harvested intel.
INJECT Gate
08 · REPORT
Signed Evidence Report
Ed25519-signed VPR-{hex12} reports. Risk score 0.0–1.0. Hash-chained evidence log. JSON/Markdown/text output. MITRE ATT&CK and ATLAS technique mapping. OWASP reference tagging. Follow-on tool recommendations.
All Gates
CLI Reference

specter-viper

All modes. Full pipeline or per-subsystem targeting.

# RECON — fingerprint SOC AI platforms (no key required)
$ specter-viper recon --target crowdstrike_charlotte \
    --url https://api.crowdstrike.com --api-token $CS_TOKEN

# INJECT — build and fire prompt injection payloads (INJECT gate)
$ specter-viper inject --target elastic_ai \
    --url http://kibana.internal:5601 --api-token $ELASTIC_KEY \
    --gate INJECT --fire --key ~/.nightfall/nightfall.key

# MISDIRECT — run misclassification campaigns
$ specter-viper misdirect --target splunk_ai \
    --url http://splunk.internal:8089 --gate INJECT --fire \
    --fp-count 500 --key ~/.nightfall/nightfall.key

# WRITE — build write-access actions (UNLEASHED — executes real API calls)
$ specter-viper write --target microsoft \
    --url https://api.securitycopilot.microsoft.com \
    --api-token $MS_TOKEN --gate UNLEASHED --execute \
    --key ~/.nightfall/nightfall.key

# PERSIST — plant persistence entries
$ specter-viper persist --config targets.json \
    --gate INJECT --fire --key ~/.nightfall/nightfall.key

# FULL PIPELINE — all 8 subsystems
$ specter-viper full --config targets.json \
    --gate UNLEASHED --fire --execute-write \
    --key ~/.nightfall/nightfall.key \
    --output markdown --out-dir ./reports

# List all 7 supported SOC AI platforms
$ specter-viper list-profiles
# targets.json — multi-platform config
[
  {"profile": "crowdstrike_charlotte", "url": "https://api.crowdstrike.com", "api_token": "..."},
  {"profile": "elastic_ai",            "url": "http://kibana.corp:5601",     "api_token": "..."},
  {"profile": "splunk_ai",             "url": "http://splunk.corp:8089",     "api_token": "..."},
  {"profile": "sentinelone_purple",    "url": "https://corp.sentinelone.net","api_token": "..."}
]
Framework Coverage

MITRE ATT&CK & ATLAS

AML.T0043
Craft Adversarial Data
AML.T0051
LLM Prompt Injection via Indirect Prompt Injection
AML.T0054
Prompt Injection
T1562.001
Impair Defenses: Disable or Modify Tools
T1562.006
Impair Defenses: Indicator Blocking
T1078
Valid Accounts (AI System)
OWASP
OWASP Agentic A02
Indirect Prompt Injection via Environmental Data
OWASP LLM01
Prompt Injection
OWASP LLM07
Insecure Plugin Design (SOC AI Plugin Abuse)