Orient Before You Dispatch
Every "AI runs a CTF" write-up skips the same step — the one where you put the LLM down and solve a few flags by hand. I keep arguing for it. Here's why it's worse to skip in an LLM loop, not better.
I spent a chunk of this year running an internal pentest training platform with Claude Code in the loop. Dozens of flags, one shared target, one HTTP origin. Early on, the shape of the workflow that ended up in claude-code-ctf-workflow showed up — a six-stage loop that ends in subagents attacking flags in parallel, each owning its own file so nothing races on writes.
Stages 1 through 5 are the parts that sound good in a tweet. Recon the target, brief every flag, dispatch in parallel, aggregate intel, loop. Stage 0 is the one I have to defend every time I show somebody the diagram.
Stage 0 — Orient. Use the LLM as a tutor, not an attacker. Solve two or three flags by hand with whatever manual tool fits the platform. Burp for web, gdb / pwntools for binary.
The pushback is always some version of: “I’m using Claude Code so I don’t have to do that part.” The whole pitch of an AI workflow is that the model handles the grind. Manually clicking through a few flags is the exact friction I’m supposed to be paying for an LLM to remove.
What Orient Actually Buys
The flag isn’t the artefact. The audit trail is.
When a subagent comes back twenty minutes later saying “tried payload X, response 403, moved on,” you need a prior belief about what 403 means on this target. Is 403 the WAF? Is it the framework’s default deny? Is it the platform’s grading endpoint refusing because you skipped a step earlier? You learn that by watching a couple of flags resolve in front of you, by hand, with the network tab open. You don’t learn it from a writeup.
Without that baseline the subagents aren’t wrong — they’re unreadable. You can’t tell a real dead end from a misconfigured request. The parallelism stops being a multiplier and starts being a way to burn token budget faster.
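One way to make that baseline concrete, as an added example that is not part of the original post or of claude-code-ctf-workflow: record what each kind of 403 looked like during Stage 0, then label subagent observations against it. The signature markers, observation fields and flag names below are constructed assumptions, not values from any real target.

```python
from collections import Counter

# Hypothetical Stage 0 baseline: how each kind of 403 looked when flags were
# solved by hand. Markers are constructed; record your own from the target.
# Order matters: most specific signature first, generic default deny last.
BASELINE = [
    {"label": "waf", "header": "x-block-id", "body": "request blocked"},
    {"label": "grader-precondition", "header": None, "body": "previous step"},
    {"label": "framework-deny", "header": None, "body": "forbidden"},
]

def classify(obs, baseline):
    """Label one subagent observation using the hand-recorded signatures."""
    if obs["status"] != 403:
        return "not-403"
    headers = {k.lower() for k in obs.get("headers", {})}
    body = obs.get("body", "").lower()
    for sig in baseline:
        if sig["header"] and sig["header"] not in headers:
            continue
        if sig["body"] in body:
            return sig["label"]
    return "unreadable"  # a 403 nobody has seen by hand: no prior belief

def triage(observations, baseline):
    """Count labels across all subagent notes for the main agent's intel doc."""
    return Counter(classify(o, baseline) for o in observations)

# Constructed subagent observations (not real output from any tool).
OBSERVATIONS = [
    {"flag": "flag-03", "status": 403, "headers": {"X-Block-Id": "a1"},
     "body": "Request blocked."},
    {"flag": "flag-07", "status": 403, "headers": {},
     "body": "Finish the previous step before submitting."},
    {"flag": "flag-11", "status": 403, "headers": {}, "body": "403 Forbidden"},
    {"flag": "flag-12", "status": 403, "headers": {}, "body": ""},
    {"flag": "flag-15", "status": 200, "headers": {}, "body": "ok"},
]

if __name__ == "__main__":
    print("with baseline:   ", dict(triage(OBSERVATIONS, BASELINE)))
    print("without baseline:", dict(triage(OBSERVATIONS, [])))
```

With an empty baseline every 403 collapses into "unreadable", which is the situation the paragraph above describes.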
Why It Gets Worse, Not Better, with an LLM
The usual case for skipping a familiarisation step is “the model knows this already, I don’t need to re-derive it.” That argument inverts here.
A subagent solves its one flag, drops a note in its file, and exits. It doesn’t accumulate platform-shaped intuition across the rest of the run — that lives in INTEL.md, which is written by the main agent, which is you and the model together. If you haven’t seen the target with your own eyes, the intel doc you maintain is hearsay. The subagents now share a belief sourced from nothing.
The cheapest insurance against that is an evening of Orient, before any agent is dispatched at all.
What Survives if You Only Keep Stage 0
If you only have time for one stage of the loop, keep this one. Skip the templates, skip the per-flag briefs, skip parallel dispatch entirely — just sit with the target for a hand-solved evening. You will not finish the event. You will, however, finish the event with a working mental model of the target, which is what every later automation needs to lean on.
The workflow exists because attacking flags in parallel is genuinely faster. Stage 0 exists because being fast at the wrong thing is the most expensive failure mode in this whole loop.
The skill that drives the rest of the loop is at github.com/wickes1/claude-code-ctf-workflow — meta-skill plus a web adapter, MIT, clone-and-go.