Blackdagger - Cyber Workflow Automation Framework

Presented at DEF CON 33 (2025), Aug. 8, 2025, 11 a.m. (45 minutes).

Blackdagger is a next-gen cybersecurity workflow automation framework built to streamline and accelerate complex operations across DevSecOps, MLOps, MLSecOps, and Continuous Automated Red Teaming (CART). It uses a declarative YAML-based Directed Acyclic Graph (DAG) system to define, visualize, and execute automated pipelines — no heavy scripting required. With a built-in web UI, a containerized red teaming toolkit called Blackcart, and integration with GitHub Actions for OPSEC-friendly task execution, Blackdagger empowers teams to deploy, manage, and scale cyber workflows in real-time. Attendees will see live demos of red team pipelines, stealthy GitHub-based automation, and browser-based workflow execution via the Blackdagger Web Kit. Whether you're defending or attacking, Blackdagger turns security automation into an intuitive, visual experience — backed by real-world NATO and defense applications.

Presenters:

• Mahmut "ErdemOzgen" Erdem Ozgen
  Mahmut is a computer engineer from Ankara, Turkey, specializing in software engineering, cybersecurity, ML systems, and DevSecOps. A Bahcesehir University graduate (2015-2020), he has played key roles at HAVELSAN, developing secure DevSecOps pipelines and cybersecurity architectures for Turkish Armed Forces, contributing to national security systems advancement. He has extensive experience with machine learning and LLMs, applying theoretical concepts to practical solutions. As a student research assistant at Istanbul Big Data Education and Research Center, he implemented learning-based algorithms for drone routing and conducted text processing and sentiment analysis. His technical expertise encompasses Python, Go, C/C++, Java, JavaScript, Docker, Kubernetes, Terraform, and blockchain technologies. Fluent in English and Turkish, he has received notable recognition, including first place in the Presidency of Defence Industries Cyber Capstone Projects and a full scholarship from Bahcesehir University. Additionally, he has served on the NATO Locked Shields exercise green team, implementing ML and LLM-based systems, and currently serves as a red team capability leader in the NATO CWIX exercise.
• Ata Seren
  Ata is a specialized cyber security engineer with expertise in application security, DevSecOps, and penetration testing. Currently pursuing a Master’s degree in Cyber Security at Middle East Technical University, his thesis focuses on static application security testing, tool mechanisms, and innovative approaches in the field. With professional experience at HAVELSAN, he has contributed to significant NATO projects and open-source cybersecurity tools including DevSecOpsBuilder, Blackcart, and Blackdagger. His involvement in the NATO Locked Shields exercise in 2024 and 2025 demonstrates his practical expertise in cyber defense operations at an international level. A recognized voice in the cybersecurity community, he has presented the Blackdagger tool at Black Hat USA, Europe, and Asia conferences alongside his colleague. Most recently, he spoke at CyCon 2025, introducing a new cybersecurity framework to industry professionals. His technical proficiency spans multiple programming languages including Python, Golang, and C/C++, complemented by extensive knowledge of cybersecurity fundamentals, cloud security, and AI/ML approaches to security challenges. He is currently expanding his red teaming capabilities while studying for the OSCP certification from OffSec.

Similar Presentations:

• CarolinaCon Online 2021 Virtual / Practical Infrastructure Automation For Red Teams
• GrrCON 2017 / Real-World Red Teaming