Red Specter VANTAGE

Agent Telemetry & Log Injection Engine — 4 subsystems, 344 tests, live Elasticsearch 8.11.0 validated.

v1.0.0 | Operational Tool 49 | 344 Tests | 4 Subsystems | UNLEASHED Gate | WARLORD Compatible
Contents
Overview | Subsystems | Subsystem Details | CLI Reference | Quick Start | UNLEASHED Gate | Target Systems | WARLORD Integration | Installation | Key Features | Disclaimer

Overview

Red Specter VANTAGE manipulates the observability layer of AI agent deployments. It intercepts, forges, and injects into telemetry streams — making agents invisible to defenders, or making defenders see exactly what the attacker wants them to see.

Modern AI agent infrastructure depends on telemetry: Elasticsearch, Splunk, Datadog, OpenTelemetry collectors, Prometheus, Grafana, AWS CloudTrail. VANTAGE treats every one of these as an attack surface. Map the stack, forge synthetic events, inject malicious log entries, or selectively blind the entire observability pipeline. Defenders are flying on instruments. VANTAGE corrupts the instruments.

VANTAGE operates under the UNLEASHED dual-gate: passive reconnaissance (OBSERVE) requires no gate. Active operations (FORGE/INJECT) require --override. Destructive operations (BLIND) require both --override and --confirm-destroy. Every output is Ed25519 signed.

The 4 Subsystems

#    Subsystem   Command            Role
01   OBSERVE     vantage observe    Map the telemetry stack — discover log stores, collectors, and retention policies
02   FORGE       vantage forge      Generate synthetic log events — craft convincing fake telemetry from templates
03   INJECT      vantage inject     Write malicious events to live log stores — pollute the audit trail
04   BLIND       vantage blind      Suppress legitimate telemetry — remove evidence or create operational blindspots

Subsystem Details

01 OBSERVE vantage observe

Passive reconnaissance against the target's observability stack. No data is written or modified. Maps what is present and accessible before any active operation begins.

OBSERVE mode is fully passive. No --override required. Output feeds directly into FORGE template generation.

02 FORGE vantage forge

Constructs synthetic log events that are indistinguishable from legitimate agent telemetry. Events are built against the schema fingerprint produced by OBSERVE, ensuring structural validity and realistic field population.

Requires --override. Output is a payload file ready for INJECT.

03 INJECT vantage inject

Writes the forged payload file to live log stores. Supports direct API injection for Elasticsearch and Splunk HEC, OTel collector poisoning, and CloudTrail log stream injection.

Requires --override. Every injection is logged locally with a signed receipt for the engagement report.

04 BLIND vantage blind

Suppresses or destroys legitimate telemetry. The most destructive subsystem in VANTAGE. Targets the retention layer directly — deletes indices, purges document ranges, disables ingest pipelines, or silences collectors.

Requires both --override and --confirm-destroy. This operation is irreversible on live targets without backups.
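The INJECT and BLIND descriptions above name the two things a defender can actually look for: forged events carry whatever timestamp `--ts` embedded, while the store's own ingest time is stamped server-side; and evidence removal shows up as index deletes, delete-by-query purges and pipeline removals in the cluster's audit log. The following is an added detection sketch, not part of VANTAGE and not the project's code. It assumes ECS-style documents with `@timestamp` and `event.ingested` (set by an ingest pipeline the defender controls), and that audit records carry the action name in `event.action`; the sample NDJSON is constructed here, and the three action names follow the Elasticsearch privilege-action convention and should be checked against your cluster's audit output.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Finding is one detector hit: the input line it came from, the rule, and why.
type Finding struct {
	Line   int
	Rule   string
	Detail string
}

// MaxBackdate is the largest gap tolerated between an event's own @timestamp
// and the time the store ingested it. A forged event carries whatever --ts
// said; the ingest time is stamped server-side by an ingest pipeline.
const MaxBackdate = 10 * time.Minute

// destructiveActions maps Elasticsearch action names to what they mean for the
// audit trail. Names follow the "indices:admin/..." privilege convention
// (assumed here); confirm them against your own cluster's audit log.
var destructiveActions = map[string]string{
	"indices:admin/delete":                 "index deleted",
	"indices:data/write/delete/byquery":    "document range purged",
	"cluster:admin/ingest/pipeline/delete": "ingest pipeline removed",
}

// record is the subset of an ECS-style document the checks need.
type record struct {
	Timestamp string `json:"@timestamp"`
	Event     struct {
		Ingested string `json:"ingested"`
		Action   string `json:"action"`
	} `json:"event"`
}

// SampleEvents is constructed NDJSON for a local run: a normal agent event, an
// event backdated to the --ts value used in the Quick Start, an event that never
// passed through the ingest pipeline, and an audit record for an index deletion.
// None of this is real telemetry.
const SampleEvents = `{"@timestamp":"2026-04-24T10:00:00Z","event":{"ingested":"2026-04-24T10:00:02Z"},"message":"agent tool call completed"}
{"@timestamp":"2026-04-24T00:00:00Z","event":{"ingested":"2026-04-24T10:05:00Z"},"message":"agent tool call completed"}
{"@timestamp":"2026-04-24T10:06:00Z","message":"agent tool call completed"}
{"@timestamp":"2026-04-24T10:07:00Z","event":{"ingested":"2026-04-24T10:07:01Z","action":"indices:admin/delete"},"message":"audit"}`

// Analyze runs both checks over newline-delimited JSON and returns findings in input order.
func Analyze(ndjson string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(ndjson))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var r record
		if err := json.Unmarshal([]byte(line), &r); err != nil {
			out = append(out, Finding{n, "unparseable", err.Error()})
			continue
		}
		// Rule 1: an action that removes audit data (what BLIND does).
		if why, ok := destructiveActions[r.Event.Action]; ok {
			out = append(out, Finding{n, "destructive-action", why + " (" + r.Event.Action + ")"})
		}
		// Rule 2: the document's own clock against the store's clock (what FORGE --ts sets).
		// A missing ingest stamp is itself a signal: the pipeline was bypassed or disabled.
		if r.Event.Ingested == "" {
			out = append(out, Finding{n, "missing-ingested", "no event.ingested: ingest pipeline bypassed or disabled"})
			continue
		}
		ts, err1 := time.Parse(time.RFC3339Nano, r.Timestamp)
		ing, err2 := time.Parse(time.RFC3339Nano, r.Event.Ingested)
		if err1 != nil || err2 != nil {
			out = append(out, Finding{n, "bad-timestamp", "unparseable @timestamp or event.ingested"})
			continue
		}
		switch gap := ing.Sub(ts); {
		case gap > MaxBackdate:
			out = append(out, Finding{n, "backdated", fmt.Sprintf("@timestamp is %s older than ingest time", gap)})
		case gap < -time.Minute:
			out = append(out, Finding{n, "future-dated", fmt.Sprintf("@timestamp is %s ahead of ingest time", -gap)})
		}
	}
	return out
}

func main() {
	for _, f := range Analyze(SampleEvents) {
		fmt.Printf("line %d  %-18s %s\n", f.Line, f.Rule, f.Detail)
	}
}
```

Run against the constructed sample this reports lines 2, 3 and 4 and stays silent on line 1. The two rules reinforce each other: BLIND's pipeline-disabling step is exactly what would defeat the ingest-time check, which is why a document with no `event.ingested` is reported rather than skipped, and why the pipeline that sets it should live in a cluster whose audit log the detector also reads.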

CLI Reference

OBSERVE — Map the telemetry stack

$ vantage observe --target <URL> [--stack elk|splunk|datadog|otel]

  --target   Target URL (Elasticsearch base, Splunk management, etc.) [required]
  --stack    Force stack type hint [optional — auto-detects if omitted]

FORGE — Generate synthetic log events

$ vantage forge --template <file> --ts <timestamp> [--override]

  --template   JSON template file (use schema from OBSERVE output) [required]
  --ts         Timestamp to embed (ISO 8601 or epoch ms) [required]
  --override   Activate UNLEASHED gate [required for FORGE]

INJECT — Write malicious events to log stores

$ vantage inject --target <URL> --payload <file> [--override]

  --target    Target log store URL [required]
  --payload   Payload file from FORGE output [required]
  --override  Activate UNLEASHED gate [required for INJECT]

BLIND — Suppress legitimate telemetry

$ vantage blind --target <URL> [--override] [--confirm-destroy]

  --target           Target log store URL [required]
  --override         Activate UNLEASHED gate [required]
  --confirm-destroy  Confirm irreversible destruction [required for BLIND]

REPORT — Signed output

$ vantage report --input <scan.json> [--format md|json]

  --input    Input scan results file [required]
  --format   Output format: md or json [default: json]

Quick Start

Step 1 — Map the telemetry stack

$ vantage observe --target http://localhost:9200
# Auto-detects Elasticsearch 8.11.0+
# Enumerates indices, ingest pipelines, retention policies
# Outputs schema fingerprint to observe-output.json

Step 2 — Forge synthetic events

$ vantage forge --template es_agent_log.json --ts 2026-04-24T00:00:00Z --override
# Generates synthetic agent log events matching the target schema
# Outputs payload file ready for injection

Step 3 — Inject and report

$ vantage inject --target http://localhost:9200 --payload forge-output.json --override
$ vantage report --input inject-results.json --format md

VANTAGE UNLEASHED

VANTAGE uses the UNLEASHED dual-gate system. All active and destructive operations require cryptographic authorisation.

The UNLEASHED gate verifies a signature made with the operator's Ed25519 private key before any active operation executes. Unsigned invocations produce a dry-run trace with no live writes.
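The page describes the gate's policy (OBSERVE ungated, FORGE/INJECT behind `--override`, BLIND behind `--override` plus `--confirm-destroy`, unsigned invocations downgraded to a dry-run) and says every REPORT output and every INJECT receipt is Ed25519 signed, but it does not show how either check is done. What follows is an added illustration of that pattern in Go's standard library, not VANTAGE's own code: the `Invocation` layout, the choice to sign the JSON of the command's fields, and the `SignedReport` shape are all assumptions; a reviewer who receives a signed engagement report needs only the `VerifyReport` half and the operator's public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Mode is what an invocation is allowed to do after the gate has run.
type Mode string

const (
	ModeLive   Mode = "live"    // writes reach the target
	ModeDryRun Mode = "dry-run" // trace only, no live writes
)

// Invocation is a hypothetical representation of one vantage command line.
// The signature covers the JSON of the other fields, so a signature issued
// for one target or flag set does not transfer to another.
type Invocation struct {
	Subsystem      string `json:"subsystem"` // observe | forge | inject | blind
	Target         string `json:"target"`
	Override       bool   `json:"override"`        // --override
	ConfirmDestroy bool   `json:"confirm_destroy"` // --confirm-destroy
	Signature      []byte `json:"-"`               // excluded from the signed bytes
}

// signedBytes is the canonical message the operator signs.
func (inv Invocation) signedBytes() []byte {
	b, err := json.Marshal(inv)
	if err != nil {
		panic(err) // a struct of strings and bools cannot fail to marshal
	}
	return b
}

// Sign produces the Ed25519 signature an operator attaches to an invocation.
func Sign(priv ed25519.PrivateKey, inv Invocation) []byte {
	return ed25519.Sign(priv, inv.signedBytes())
}

// Gate applies the dual-gate policy the page describes:
//   - observe: passive, runs live with no flag and no signature;
//   - forge/inject: --override required; unsigned => dry-run;
//   - blind: --override and --confirm-destroy required; unsigned => dry-run.
// A missing flag is a hard refusal rather than a dry-run, so a typo cannot
// silently turn a destructive command into a trace that looks like success.
func Gate(pub ed25519.PublicKey, inv Invocation) (Mode, error) {
	signed := len(inv.Signature) == ed25519.SignatureSize &&
		ed25519.Verify(pub, inv.signedBytes(), inv.Signature)
	switch inv.Subsystem {
	case "observe":
		return ModeLive, nil
	case "forge", "inject":
		if !inv.Override {
			return "", errors.New(inv.Subsystem + ": --override required")
		}
	case "blind":
		if !inv.Override || !inv.ConfirmDestroy {
			return "", errors.New("blind: --override and --confirm-destroy required")
		}
	default:
		return "", fmt.Errorf("unknown subsystem %q", inv.Subsystem)
	}
	if !signed {
		return ModeDryRun, nil
	}
	return ModeLive, nil
}

// SignedReport is a report body plus a detached Ed25519 signature: the shape a
// reviewer needs to confirm an engagement report or injection receipt was not
// altered after the tool wrote it.
type SignedReport struct {
	Report    json.RawMessage `json:"report"`
	Signature []byte          `json:"signature"`
}

// SignReport signs the exact report bytes; any later reformatting breaks verification.
func SignReport(priv ed25519.PrivateKey, report []byte) SignedReport {
	return SignedReport{Report: json.RawMessage(report), Signature: ed25519.Sign(priv, report)}
}

// VerifyReport returns true only if the report bytes are exactly what was signed.
func VerifyReport(pub ed25519.PublicKey, sr SignedReport) bool {
	return len(sr.Signature) == ed25519.SignatureSize && ed25519.Verify(pub, sr.Report, sr.Signature)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // demo key pair, generated on the spot
	if err != nil {
		panic(err)
	}
	inv := Invocation{Subsystem: "inject", Target: "http://localhost:9200", Override: true}
	mode, _ := Gate(pub, inv)
	fmt.Println("unsigned inject:", mode) // dry-run
	inv.Signature = Sign(priv, inv)
	mode, _ = Gate(pub, inv)
	fmt.Println("signed inject:  ", mode) // live
	sr := SignReport(priv, []byte(`{"tool":"vantage","result":"ok"}`))
	fmt.Println("report verifies:", VerifyReport(pub, sr)) // true
}
```

Two points worth keeping in mind when reading signed receipts from any tool: the signature proves who ran the command and that the receipt is intact, not that the command was authorised by the target's owner; and verification is only as strong as the distribution of the operator's public key, which should reach the reviewer out of band rather than inside the report it vouches for.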

Target Systems

WARLORD Integration

VANTAGE is registered in the WARLORD autonomous campaign registry. It can be orchestrated as part of multi-tool campaigns targeting AI agent infrastructure.

$ warlord --tool vantage --mode inject

Typical WARLORD campaign sequence pairing VANTAGE with other NIGHTFALL tools:

  1. IDRIS — agent discovery and asset mapping
  2. VANTAGE OBSERVE — map the telemetry stack of discovered agents
  3. VANTAGE FORGE + INJECT — pollute the audit trail pre-exploitation
  4. CRUCIBLE / FIREBALL — agent exploitation while defenders are blind
  5. VANTAGE BLIND — erase evidence post-exploitation
  6. VANTAGE REPORT — signed engagement output

Installation

From source

$ cd /path/to/red-specter-vantage
$ pip install -e .
$ vantage --version
# VANTAGE v1.0.0 — Agent Telemetry & Log Injection Engine

Requirements

Key Features

344 Tests Passing: full test suite across all 4 subsystems, zero failures
Live ES 8.11.0 Validated: OBSERVE and INJECT validated against a live Elasticsearch instance
Ed25519 Signed Reports: every REPORT output cryptographically signed for evidence integrity
UNLEASHED Dual-Gate: graduated authorisation, passive to irreversible, key-controlled
7 Target Platforms: Elasticsearch, Splunk, Datadog, OTel, Prometheus, Grafana, CloudTrail
WARLORD Compatible: registered in the autonomous campaign registry, orchestrated campaigns supported

Disclaimer

Red Specter VANTAGE is designed for authorised security testing, research, and educational purposes only. You must have explicit written permission from the system owner before running any VANTAGE operation against a target. BLIND operations are irreversible and may result in permanent loss of audit data. Unauthorised use may violate the Computer Misuse Act 1990 (UK), the Computer Fraud and Abuse Act (US), or equivalent legislation in your jurisdiction. The authors accept no liability for misuse.