UNCLASSIFIED // INSTRUCTIONAL USE Effective 2026-05-06 · Quarterly review

Course Delivery SOP

Standard Operating Procedure for delivering an 8-hour offensive-security training day across the l33tpwn + chakra + foundry integrated pipeline, scaling to 250 students per cohort.

250

Students per cohort

10

Phases · 9-hour day

5

Operator roles

$370

Typical cohort spend

$893

Hard cost ceiling

Course-day timeline

T-72h T-1h T+0 T+30m T+1h T+2h T+4h T+6h T+8h T+9h 1 · Pre-class 2 · Roll 3 · Provision 4 · Walkthrough 5 · Mission 6 · Curate 7 · Train 8 · Eval 9 · Sync 10 · Tear-down + AAR

Click any phase to jump to its procedure detail.

1.0 Purpose

This SOP prescribes the conduct of a single training cohort of up to 250 students across the integrated pipeline:

l33tpwn

Student lab provisioning, walkthrough delivery, target lifecycle.

chakra

Pen-test mission engine; drives the LoRA adapter against a target, produces PDCA traces.

foundry

MLOps spine; ingests traces, fires Modal training, presents experiment lineage.

Compliance: Deviations from this SOP require LI written approval and shall be logged in the After-Action Review.

2.0 Scope

A single 8-hour instructional day for a cohort of 50–250 students. Explicit design intents:

Allow each student independent adapter creation, experiment authoring, and pen-test execution against a dedicated lab target.
Preserve the autonomous, tightly-integrated loop — students do not manually bridge tools.
Permit interaction via CLI from the student's laptop OR noVNC in a browser on the provisioned attack machine — both surfaces produce identical outcomes.
Ensure VNC discoverability via CLI — a CLI-first student never needs a browser bookmark or instructor handoff.

Out of scope: multi-day cohort scheduling, final certification, production red-team engagements.

4.0 Responsibilities

Five roles. One LI per cohort, one AI per ~25 students, one LO per cohort, one SME on call, one student per Cognito identity.

LILead Instructor

1 per cohort (250 max)

Approves roster + schedule by T-72h
Conducts morning brief + AAR
Single approving authority for out-of-scope decisions
Holds final responsibility for cost containment

AIAssistant Instructor

1 per 25 students

Real-time awareness of all 25 STU lab states
Resolves escalations in <5 min
Submits shift handover to LI by T+8h

LOLab Operator

1 per cohort

Verifies operational pre-checks GO by T-1h
Sole holder of claude IAM creds + Modal token
Snapshots DynamoDB at T-0 and T+8h
Confirms zero running cohort instances by T+9h

SMESubject-Matter Expert

1 on call per shift

Live in #l33tpwn-cohort-support
Responds to AI escalations in <10 min
Authority to mark target broken + remediate

STUStudent

Self

Reads Annex B before T+0
Cognito email = enrollment email (case-sensitive)
Notifies AI within 2 min of system fault
Submits adapter run_id by T+7h

5.0 Procedure

Ten phases on hard time windows. Click any phase to expand its detailed steps, code, and escalation paths.

1 Pre-Course Preparation T-72h → T-1h LO lead LI sign-off

Output: Operational readiness signed off by LI.

5.1.1 · Infrastructure Pre-Flight (T-72h)

# Verify proxy is healthy
l33tpwn proxy routes | head -5
l33tpwn proxy clean-stale     # dry-run; report any stale to LI

# Verify Modal training pipeline
foundry train fire web --epochs 1 --watch  # smoke test, ~5 min
foundry train cancel <run_id> --yes        # discard the smoke run

# Verify DynamoDB table sizes are nominal
l33tpwn dynamo grep userdata '@' | wc -l    # current student count

If any check fails, escalate to LI immediately. Do not proceed.

5.1.2 · Walkthrough Validation (T-48h)

l33tpwn walkthrough validate           # all 48 must pass
l33tpwn walkthrough sources --check    # HEAD-check source URLs

5.1.3 · Roster Provisioning (T-24h)

LO pre-creates Cognito users for the cohort using Annex C's batch script.

5.1.5 · GO/NO-GO Call (T-1h)

15-minute call with LO + AIs. All four checks must read GO. Any RED status results in cohort delay or cancellation per LI's discretion.

2 Cohort Roll Call T+0 → T+30m LI AI STU

Output: Each STU has verified login + recorded section assignment.

5.2.1 · STU Login Verification

Each student in their own terminal:

l33tpwn login --email <your-cohort-email>
# Password sent via cohort onboarding email
l33tpwn whoami
# Expected: email matches enrollment, ID token expiry > 6h from now

If whoami reports "Not logged in", retry once. Second failure → raise hand.

5.2.2 · AI Roll Call

Each AI confirms presence for all 25 students and reports counts to LI by T+25m.

3 Lab Provisioning T+30m → T+60m STU lead AI monitor

Output: Each STU has a running attack machine + at least one target (advanced tier also has a purple defense machine).

5.3.1 · Self-Service Provisioning

l33tpwn student provision <email> --tier <basic|advanced>
# Provisioning takes 2-4 minutes
l33tpwn student instances <email>
# Wait until all instances read state=running

5.3.2 · Locating the VNC Link via CLI ⭐ load-bearing

This is the design-intent step: "VNC discoverable from CLI."

# Attack machine VNC URL
l33tpwn student vnc-url <email>
# → https://<hash>.l33tpwn.com/vnc_lite.html?path=websockify&password=hackme&autoconnect=true

# Purple machine VNC URL (advanced tier)
l33tpwn student vnc-url <email> --purple

Student may either click the URL (browser noVNC) or stay in their CLI with chakra. Both surfaces produce identical state — this is the dual-path equivalence principle.

5.3.3 · AI Health Sweep at T+45m

for stu in $(cat ai-section-roster.txt); do
  l33tpwn student instances $stu --json | jq -r '.[] | "\(.role) \(.state)"'
done

Any STU with state ≠ running after 5 min → escalate to SME. AI may issue:

l33tpwn student start <email> --target attack --wait

4 Walkthrough Familiarization T+60m → T+105m LI brief STU self-paced

15-min LI brief at T+60m, then 30 min self-paced walkthrough review.

# Interactive viewer with arrow-key navigation
l33tpwn walkthrough view albania
#   →/Shift+→/n/Enter   next step
#   ←/Shift+←/p         previous step
#   c                    copy current command to clipboard
#   s                    switch section
#   t                    table of contents
#   q                    quit

Or printable form:

l33tpwn walkthrough render albania --section recon
l33tpwn walkthrough render albania --no-color > albania.txt

5 Mission Execution T+105m → T+225m STU drives autonomously

Output: One PDCA trace JSONL at data/traces/pdca/<mission-id>.jsonl.

This is the autonomous loop's core. Two entry paths — both produce the same trace.

Path A · Autonomous chakra

For first-attempt students. Recommended.

chakra init -t albania
chakra discover
chakra run albania --invocations 30

Path B · Live VNC + manual tooling

For students ahead of the cohort.

Open the noVNC URL from §5.3.2, run walkthrough commands inside the Kali desktop. Sidecar captures the trace identically.

5.5.3 · Mission Boundary

A mission completes when ANY of:

Trace contains at least one report_finding tool call (target compromised)
Invocation budget (default 30) exhausted
T+225m reached

STUs SHALL NOT extend missions past T+225m without LI authorization. Cost containment depends on this.

6 Trace Curation T+225m → T+285m STU lead AI assist

Human-in-the-loop step. STUs may use CLI or foundry web UI — both write to the same .foundry/curation/ manifests.

CLI Curation

foundry data list
foundry data show v17-cohort --bucket web --hp-only
foundry data review v17-cohort --bucket web --start 0 --limit 20
foundry data curate v17-cohort                # dry-run
foundry data curate v17-cohort --apply        # writes the curated sibling corpus

UI Curation

Browse to the cohort's foundry endpoint, log in, use the Data Review tab. Verdicts persist to the same manifest the CLI reads.

STUs whose curated corpus has < 5 records are paired with a peer for Phase 7 and train on the cohort-shared fallback corpus.

7 Adapter Training T+285m → T+405m STU lead LO budget

Output: Each STU has fired one Modal training run with a tracked experiment row.

5.7.1 · Pre-Training Quota Check (LO at T+285m)

modal token current
# Confirm balance > cohort_size × $2 (worst-case adapter cost)

5.7.2 · STU Fires Training

foundry train fire web \
    --training-data-dir data/training/pdca-toolcalls-v17-cohort-mt-curated \
    --base-model Qwen/Qwen2.5-7B-Instruct \
    --epochs 3 --lora-rank 32 \
    --watch
# 30-90 min depending on corpus size; --watch streams logs into CLI DB

Common error modes — AI playbook:

Error	Remediation
`OOM on 7B base`	Re-fire with `--lora-rank 16 --max-seq-length 1024`
Empty corpus	Curation dropped too many records → cohort-shared fallback
Modal timeout	Transient; wait 10m, re-fire

5.7.3 · Training Completion

foundry train download <run_id> \
    --dest packages/tactician/adapters/<student-id>/

8 Adapter Evaluation T+405m → T+450m STU

chakra improve --modal           # uploads new adapter, restarts vLLM
chakra scores                    # eval verdict against golden traces

# Time permitting:
chakra loop albania --modal --repeat 1    # second-iteration trace

9 Cohort Sync to Foundry UI T+450m → T+480m LO

# LO on the foundry server host:
foundry sync --url http://localhost:8347

By T+475m, in the Experiments tab:

≥ 95% of STUs have a complete row
Adapter loss curves visible
Zero rows with adapter='lora' (smoke for sync.py fix)

10 Tear-Down + AAR T+480m → T+540m LO tear-down LI AAR

5.10.1 · Per-Student Tear-Down

l33tpwn student stop <email>        # preserves VPC; cheap stopped
# OR full tear-down:
l33tpwn student teardown <email> --yes

5.10.2 · LO Cohort-Wide Sweep at T+510m

aws ec2 describe-instances \
    --filters "Name=tag:l33tpwn-cohort,Values=<cohort-id>" \
              "Name=instance-state-name,Values=running" \
    --query 'Reservations[].Instances[].InstanceId'
# Expected: empty array

l33tpwn dynamo dump          # backup state for AAR

5.10.3 · AAR (T+520m, 20 minutes)

LI convenes LO + AIs. AAR records:

Number of STUs who completed all 8 phases
Number + root cause of escalations
Modal compute spend (LO from modal billing)
AWS spend (LO from Cost Explorer)
Deviations from this SOP (with LI sign-off)
Recommendations for next cohort

AAR is filed at docs/aar/AAR-<cohort-id>-<date>.md within 24h.

6.0 Safety, Security & Cost

6.3 · Cost Containment

LI is responsible for the cohort cost ceiling.

Component	Per-Student Cap	Cohort Cap (250)
EC2 compute (8h running)	$0.50	$125
EC2 storage (stopped, 24h)	$0.05	$12.50
Modal training (1 run)	$3.00	$750
Foundry server	—	$5/day flat
Total	$3.55	$892.50

6.1 Allowlist: No pen-test action against IP/host outside vapt/api/config.py:ALLOWLIST. LI is sole authorizer for extensions.

6.2 Tier: tier-3 (lab-only exploit) tools enabled (LAB_MODE=true) ONLY for cohort VPC. Default tier-2 (scan + verify + safe-exploit).

6.4 Credentials: LO holds IAM claude. STUs use Cognito only. Modal token rotated quarterly. SSH keys are LO-only — STUs reach Kali via noVNC, never SSH.

6.5 Data retention: Cohort PDCA traces retained 90 days. LO purges data/traces/pdca/cohort-<id>-*.jsonl after.

8.0 Emergency Procedures

8.1 Modal Outage

Active runs continue (durable beyond CLI)
Phases 1–6 STUs proceed normally
Phase 7 STUs fall back to LI demo
LO files outage report

8.2 AWS Region Outage

LI calls STAND-DOWN; pause all phases
LO checks AWS Health Dashboard
Outage > 30min → cancel + reschedule within 7 days
STUs released; tear-down via scheduled Lambda

8.3 Compromised Credential

aws cognito-idp admin-disable-user \
  --user-pool-id ap-south-1_mZ8lAHEgN \
  --username <sid-at-cohort>
l33tpwn student teardown <email> --yes

LI notifies program director within 4h.

Annex A · Course Content Manifest

Filled per cohort by the LI at T-72h.

Cohort ID	e.g. COH-2026-Q2-OFFSEC-101
Date	YYYY-MM-DD
Cohort size	N students
Tier	basic / advanced
Target	albania / dvwa / billu / juiceshop / …
Primary walkthrough	e.g. albania (8+3+8 steps)
Adapter base model	Qwen/Qwen2.5-7B-Instruct
Modal budget cap	USD
AWS budget cap	USD
LI / LO / AIs / SME	Names + Cognito emails

Annex B · Student Quick-Start

One page. Read in full before T+0.

B.1 · Install (one-time, 10 minutes)

git clone <cohort-distribution-url> attacksimulation
cd attacksimulation
pip install -e l33tpwn -e foundry
l33tpwn --version          # → l33tpwn, version 0.1.0
foundry --version          # → foundry, version 0.2.0

B.2 · Course-Day Workflow

┌──────────────────────────────────────────────────────────────────┐
│  T+0:00     l33tpwn login --email <your-cohort-email>            │
│             l33tpwn whoami            (must show your email)     │
│  T+0:30     l33tpwn student provision <email> --tier basic       │
│             l33tpwn student vnc-url <email>      ← VNC LINK!     │
│  T+1:00     l33tpwn walkthrough view albania     (use ←/→/c/q)   │
│  T+1:45     chakra init -t albania                               │
│             chakra discover                                       │
│             chakra run albania --invocations 30                  │
│  T+3:45     foundry data review v17-cohort --bucket web          │
│             foundry data curate v17-cohort --apply               │
│  T+4:45     foundry train fire web --watch                       │
│  T+6:45     foundry train download <run_id>                      │
│             chakra improve --modal                               │
│             chakra scores                                         │
│  T+8:00     l33tpwn student stop <email>                         │
└──────────────────────────────────────────────────────────────────┘

B.3 · If Things Go Wrong

Login fails: retry once, then raise hand. Do NOT try a different email.
VNC URL says "no attackDnsHash": provision didn't complete. Run l33tpwn student instances + tell AI.
chakra run hangs > 5 min: Ctrl-C, run chakra status, tell AI.
Training errors: read error in foundry train logs, paste in chat.
Anything destructive (delete, --force, sudo): STOP. Tell AI.

B.4 · If You're Ahead of the Cohort

With AI permission you may:

Try a second target: l33tpwn walkthrough show billu, then re-run from T+1:00
Curate more aggressively, see if your adapter improves more
Try a different base model: --base-model Qwen/Qwen2.5-3B-Instruct

You may NOT, without LI permission: provision more than one lab, modify allowlist or tier, train with --epochs > 3.

Annex C · Batch Roster Provisioning

Executed at T-24h by the LO. Input: cohort-roster.csv with columns email,tier.

while IFS=, read -r email tier; do
    [ "$email" = "email" ] && continue   # skip header
    aws cognito-idp admin-create-user \
        --user-pool-id ap-south-1_mZ8lAHEgN \
        --username "${email//@/-at-}" \
        --user-attributes Name=email,Value="$email" \
                          Name=email_verified,Value=true \
        --temporary-password 'CohortDay1!' \
        --message-action SUPPRESS
    aws dynamodb put-item \
        --table-name event_success \
        --item '{"email":{"S":"'"$email"'"},
                 "endDate":{"S":"'"$(date -u -v+1d +%Y-%m-%dT%H:%M:%S)"'"},
                 "tier":{"S":"'"$tier"'"}}'
done < cohort-roster.csv

After this completes, every cohort STU has a Cognito credential, a DynamoDB event_success row with 24h validity, and the cohort's blanket tier.

Annex D · Dual-Path Integration Diagram

The student's surface choice (CLI vs VNC) is cosmetic. The underlying state — trace, manifest, experiment, adapter — is identical either way.

Student's choice: CLI laptop or noVNC?

STU local CLI

chakra run …
foundry data …
foundry train …

noVNC in browser

Kali desktop on attack machine

Foundry web UI

Data Review tab
Experiments tab

↓

Same files. Same DB. Same trace.

data/traces/pdca/*.jsonl

.foundry/foundry.db (CLI)

.foundry/curation/*.json

packages/tactician/adapters/*

↓

via foundry sync

Cohort-wide UI for LI / AI visibility — single pane of glass over all 250 students