Workshop at REcon 2026: Building Agent Skills for Reverse Engineering

ClearSecLabs is bringing a workshop to REcon 2026 in Montreal: "Agentic Reverse Engineering: Building Custom AI Skills with Coding Agents", led by our principal researcher John McIntosh.
We're coming back to REcon. Last year's session focused on MCP-based Ghidra integration, where MCP gave coding agents tool access. This time, Agent Skills give them structured, reusable workflows. We're going to build one end to end.
What you'll build
A multi-platform driver-analysis Skill that automates:
- IOCTL enumeration and mapping across platforms
- Dispatch-flow analysis (Windows IRPs, Linux file ops, macOS IOKit user-client methods)
- Code-flow analysis using callgraphs and xrefs
- Reproducible workflow capture that other agents can pick up
Targets: Windows .sys, macOS .kext, Linux kernel modules.
Coding agents we'll use
Bring a laptop with at least one of these installed:
You'll also need to be able to run git clone and have basic familiarity with reverse engineering concepts.
Outline
- Foundations of Agentic RE — Skills framework vs. MCP, coding agent capabilities, environment setup, workflow capture, progressive disclosure
- Skill Building: Architecture, Workflows, and Iteration — folder structure, analysis workflows, structured output schemas, testing, agent performance tuning
- Hands-On Build: Driver Analysis Skill — IOCTL enumeration, dispatch flow, code flow, scaffolding, integration
- Interactive RE with Agent Automation — combining manual reversing with agent automation, offloading repetitive tasks, validating hypotheses
- Extending and Iterating Skills — adding workflows, tests, examples, integrating prior research
- Wrap-Up — review of the completed Skill, next steps for building agentic RE automation
Why Skills (and not just MCP)
Coding agents have moved past "write me a function." With Skills, they pick up structured workflows and execute multi-step RE tasks with progressive disclosure: the agent loads only what it needs, when it needs it. The context window stops being the bottleneck. Workflow capture turns your hard-won RE heuristics into something the agent can replay across binaries.
If you've been waiting for AI in RE to stop being a chat experiment and start being something structured, this is that moment.
Date and registration
The workshop runs within REcon 2026 (June 15–19, Montreal). The specific date and time will be on the REcon schedule once it's published.
Background
This workshop builds on prior work:
- Offensive Security Tool Development with Ghidra & MCP (REcon 2025)
- Supercharging Ghidra: Build Your Own Private Local LLM RE Stack (Ringzer0 2025)
- Agent Skills specification
For deeper end-to-end coverage, the Agentic RE course walks through the full pipeline.
See you in Montreal
Subscribe to the notification list and we'll send the schedule and pre-workshop materials as soon as they're ready. Looking forward to building something useful with you in Montreal.
