Agentic RE: CSL Virtual 2026

ClearSecLabs training session — Building a Ghidra Model Context Protocol

CSL VirtualJuly 6–10, 20265 days, 4 hrs/day32 CPE hours

What Is This Course?

This is the full 5-day virtual offering of Agentic RE: Automating Reverse Engineering & Vulnerability Research with AI. You'll build private AI stacks, develop custom MCP servers, optimize local models for your tasks, and orchestrate agents that reason through binaries autonomously.

By the end of the week, you'll have a working agentic workflow that analyzes binaries, surfaces potential vulnerabilities, validates findings, and triages results across platforms — Windows, macOS, iOS, and Android.

What Makes This Course Different

This is not a "prompt engineering for RE" course. You write real code: custom MCP servers that give LLMs access to Ghidra, optimization pipelines that make local models accurate, and agents that reason through binaries autonomously. The skills transfer to whatever models and frameworks come next.

An LLM calling Ghidra via MCP to list and analyze project binaries — LLM calls Ghidra through MCP — all from a single prompt.

An agent reasoning through decompiled code to identify a vulnerability — An agent autonomously identifies a use-after-free vulnerability.

Schedule

Live sessions via Zoom, 4 hours per day. Self-paced labs and Discord support fill the remaining time.

Day	Date	Topic	Time (US Mountain)
Day 1	July 6	Foundations of Agentic RE — LLM basics, local stack setup, first MCP connection	07:00–11:00
Day 2	July 7	Custom MCP Servers — Build Ghidra MCP, Semgrep/CodeQL integration, semantic search	07:00–11:00
Day 3	July 8	Adapting LLMs for RE/VR — Context engineering, prompt optimization with MIPROv2 and GEPA, fine-tuning	07:00–11:00
Day 4	July 9	Workflows & Orchestration — ReAct agents, multi-platform dispatch, capstone kickoff	07:00–11:00
Day 5	July 10	Agent Skills & Capstone — Coding agents, capstone delivery, wrap-up	07:00–11:00

Time Zone Conversion

Region	Local Time
US Pacific	06:00–10:00
US Mountain	07:00–11:00
US Eastern	09:00–13:00
UK GMT	14:00–18:00
Europe CET	15:00–19:00
Australia AEST	23:00–03:00 (next day)

What Students Receive

Course slides and training materials
Preconfigured devcontainers with all labs and tools
Access to course CTF server during and beyond the course
Course inference infrastructure (no local GPU required)
Resources for continued learning
Instructor support via Discord during and after the course

What Students Say

"I feel like I am fairly well versed with AI, models, MCPs, etc. and I still learned a lot from this training. Every day I commented to my manager and my team how awesome this training was." — B., senior security engineer

"The course felt more like an AI course than a strict RE course. The skills and concepts are clearly transferable to other related contexts. That breadth was a pleasant surprise." — C., security researcher

"This course showed me how to bring AI into our workflow even without internet access. I'm going back to my team with a plan for local LLMs that leadership can actually get behind." — D., RE team lead (restricted networks)

Prerequisites

Intermediate reverse engineering experience (familiarity with Ghidra, IDA, or similar tools)
Basic vulnerability research knowledge (understanding of common bug classes and analysis workflows)
Comfort with scripting in Python (used for MCP servers, orchestration, and workflow glue)
Familiarity with Linux or macOS command-line environments for stack setup and automation

No prior LLM or AI framework experience needed. We cover the fundamentals before anything advanced.

System Requirements

AI Hardware:

A machine capable of running at least an 8B model (e.g., Qwen3 or Llama)
Recommended: modern GPU (RTX 3060+ or Apple M-series) with 16GB+ RAM
Course inference infrastructure is provided during the course — no local GPU required

Software:

Python 3.11+
Docker (for OpenWebUI and Ollama)
git and a Linux-style command-line environment with administrator privileges

Full Course Details

For the complete course outline, architecture diagram, technology stack, and radar chart, see the full Agentic RE course page.

FAQ

How do virtual courses work?

Courses are delivered live via Zoom, combining structured lectures, self-paced labs, and real-time feedback. You'll receive exercises, access to a CTF server, and instructor support via Discord.

What is the daily format?

A 4-hour interactive lecture each day (07:00–11:00 Mountain / 09:00–13:00 Eastern), followed by self-paced exercises. Office hours and Discord support are available throughout.

Is there a group discount?

What's the refund policy?

Full refunds are available up to 30 days before the course. After that, we offer a 50% refund or a free transfer to another session. No refunds within 7 days of the course start date.

Other Agentic RE Offerings in 2026

Date	Event	Location
June 15	REcon 2026	Montreal, Canada
August 1–2	Black Hat USA 2026	Las Vegas, NV
August 3–4	Black Hat USA 2026	Las Vegas, NV
August 10–11	DEFCON 2026	Las Vegas, NV

Join the Waitlist

What Is This Course?​

Schedule​

Time Zone Conversion​

What Students Receive​

What Students Say​

Prerequisites​

System Requirements​

Full Course Details​

FAQ​

How do virtual courses work?​

What is the daily format?​

Is there a group discount?​

What's the refund policy?​

Other Agentic RE Offerings in 2026​