Vibe Off, Spec On — Building Real Offensive Tools with Claude Code

A 3-day hands-on training. No canned labs: the class votes on a real offensive tool on day one, specs it with Claude, and ships a working application by day three.

Dates Sept 21–23, 2026

Format 3 days, in-person

Trainer Vito Rallo

Venue Lamot, Mechelen

Most AI security courses hand you a finished lab and walk you through it. This one doesn't. On the first morning the room votes on a real tool to build — then we draft the spec with Claude, write the code, test it, and deploy it together. Nobody, including the trainer, knows exactly what we'll ship until we ship it. You leave with battle-tested patterns for using Claude Code in security R&D, and a working tool you helped build from scratch.

What you'll walk away with

Two years of accumulated R&D on driving Claude Code for serious offensive work — distilled into three days.

Spec-driven development

Stop "vibe-coding" security tools. Use OpenSpec to drive Claude with intent, so output is reviewable, reproducible, and safe to ship.

Custom skills & subagents

Author your own skills, build subagents, wire up hooks, and distribute plugins across the Claude Code ecosystem.

MCP for production

Integrate MCP servers into real workflows — connecting Claude to the tools, data, and infrastructure your tooling depends on.

Testing the non-deterministic

Eval harnesses, golden testing, and Playwright-driven TDD for systems that don't behave the same way twice.

Ship & distribute

Packaging across platforms and package managers, containerization, and sandbox architectures for security tools.

The FOIL playbook

The exact techniques behind FOIL — the scanner that surfaced a 22-year-old zero-day — plus local-LLM and hybrid deployment options.

Three days, eight sessions

From an empty repo to a packaged, hardened tool — everything runs on your own machine.

Day 1

Tool, environment & project kickoff

Claude Code 101 for offensive engineers — anatomy, settings, and an honest read on what it can and can't do.
The Anthropic toolkit deep-dive — custom skills, subagents, hooks, MCP servers, and ecosystem plugins.
Spec-driven development — OpenSpec methodology instead of improvising. The class picks the tool we build.

Day 2

Implementation & testing

Test-driven development — evaluation harnesses and golden testing with Playwright for non-deterministic systems.
Deployment patterns — shipping security tools, containerization, and sandbox architectures.

Day 3

Distribution & hardening

Packaging — multi-platform distribution across package managers.
Local LLM & hybrid infra — on-device deployment alternatives and hybrid approaches.
Code review & vuln assessment — review workflows and the FOIL methodology, end to end.

Before you arrive

Prerequisites

Comfortable with shell, git, and either Python or TypeScript
Working knowledge of offensive security fundamentals
No hacking credentials required — just real motivation to ship

What to bring

A laptop with Docker pre-installed
An active Claude Code account (Pro/Max) or API credits with adequate budget
A budget guide is sent two weeks ahead so nobody runs out of credit

Who should attend

Developers, security researchers, and tool authors
Anyone who wants to stop watching demos and start shipping
All exercises run on your machine — no shared lab, all open-source / free-tier software

Taught by the maker of FOIL

The curriculum is grounded in real work, not slideware. Vito Rallo — founder of PEACH STUDIO, cybersecurity consultant partner at Kyndryl, and former Global Head of Red Team at Kroll — built FOIL, the local-first security scanner that surfaced a 22-year-old zero-day. You'll learn the same patterns he used to build it.

Explore FOIL

Join us at BruCON 2026

Three days in Mechelen, Belgium — Sept 21–23, 2026. Seats are limited and hands-on.

Questions about the training? info@peachstudio.be