ReddRadar
Agent skill
red-team-tactics
Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
Install this agent skill to your Project
npx add-skill https://github.com/aiskillstore/marketplace/tree/main/skills/sickn33/red-team-tactics
SKILL.md
Red Team Tactics
Adversary simulation principles based on MITRE ATT&CK framework.
1. MITRE ATT&CK Phases
Attack Lifecycle
RECONNAISSANCE → INITIAL ACCESS → EXECUTION → PERSISTENCE
↓ ↓ ↓ ↓
PRIVILEGE ESC → DEFENSE EVASION → CRED ACCESS → DISCOVERY
↓ ↓ ↓ ↓
LATERAL MOVEMENT → COLLECTION → C2 → EXFILTRATION → IMPACT
Phase Objectives
| Phase | Objective |
|---|---|
| Recon | Map attack surface |
| Initial Access | Get first foothold |
| Execution | Run code on target |
| Persistence | Survive reboots |
| Privilege Escalation | Get admin/root |
| Defense Evasion | Avoid detection |
| Credential Access | Harvest credentials |
| Discovery | Map internal network |
| Lateral Movement | Spread to other systems |
| Collection | Gather target data |
| C2 | Maintain command channel |
| Exfiltration | Extract data |
2. Reconnaissance Principles
Passive vs Active
| Type | Trade-off |
|---|---|
| Passive | No target contact, limited info |
| Active | Direct contact, more detection risk |
Information Targets
| Category | Value |
|---|---|
| Technology stack | Attack vector selection |
| Employee info | Social engineering |
| Network ranges | Scanning scope |
| Third parties | Supply chain attack |
3. Initial Access Vectors
Selection Criteria
| Vector | When to Use |
|---|---|
| Phishing | Human target, email access |
| Public exploits | Vulnerable services exposed |
| Valid credentials | Leaked or cracked |
| Supply chain | Third-party access |
4. Privilege Escalation Principles
Windows Targets
| Check | Opportunity |
|---|---|
| Unquoted service paths | Write to path |
| Weak service permissions | Modify service |
| Token privileges | Abuse SeDebug, etc. |
| Stored credentials | Harvest |
Linux Targets
| Check | Opportunity |
|---|---|
| SUID binaries | Execute as owner |
| Sudo misconfiguration | Command execution |
| Kernel vulnerabilities | Kernel exploits |
| Cron jobs | Writable scripts |
5. Defense Evasion Principles
Key Techniques
| Technique | Purpose |
|---|---|
| LOLBins | Use legitimate tools |
| Obfuscation | Hide malicious code |
| Timestomping | Hide file modifications |
| Log clearing | Remove evidence |
Operational Security
- Work during business hours
- Mimic legitimate traffic patterns
- Use encrypted channels
- Blend with normal behavior
6. Lateral Movement Principles
Credential Types
| Type | Use |
|---|---|
| Password | Standard auth |
| Hash | Pass-the-hash |
| Ticket | Pass-the-ticket |
| Certificate | Certificate auth |
Movement Paths
- Admin shares
- Remote services (RDP, SSH, WinRM)
- Exploitation of internal services
7. Active Directory Attacks
Attack Categories
| Attack | Target |
|---|---|
| Kerberoasting | Service account passwords |
| AS-REP Roasting | Accounts without pre-auth |
| DCSync | Domain credentials |
| Golden Ticket | Persistent domain access |
8. Reporting Principles
Attack Narrative
Document the full attack chain:
- How initial access was gained
- What techniques were used
- What objectives were achieved
- Where detection failed
Detection Gaps
For each successful technique:
- What should have detected it?
- Why didn't detection work?
- How to improve detection
9. Ethical Boundaries
Always
- Stay within scope
- Minimize impact
- Report immediately if real threat found
- Document all actions
Never
- Destroy production data
- Cause denial of service (unless scoped)
- Access beyond proof of concept
- Retain sensitive data
10. Anti-Patterns
| ❌ Don't | ✅ Do |
|---|---|
| Rush to exploitation | Follow methodology |
| Cause damage | Minimize impact |
| Skip reporting | Document everything |
| Ignore scope | Stay within boundaries |
Remember: Red team simulates attackers to improve defenses, not to cause harm.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
aiskillstore/marketplace
perigon-backend
Perigon ASP.NET Core + EF Core + Aspire conventions
aiskillstore/marketplace
perigon-agent
Pointers for Copilot/agents to apply Perigon conventions
aiskillstore/marketplace
perigon-angular
Angular 21+ standalone/Material/signal conventions for Perigon WebApp
aiskillstore/marketplace
fastapi-mastery
Comprehensive FastAPI development skill covering REST API creation, routing, request/response handling, validation, authentication, database integration, middleware, and deployment. Use when working with FastAPI projects, building APIs, implementing CRUD operations, setting up authentication/authorization, integrating databases (SQL/NoSQL), adding middleware, handling WebSockets, or deploying FastAPI applications. Triggered by requests involving .py files with FastAPI code, API endpoint creation, Pydantic models, or FastAPI-specific features.
aiskillstore/marketplace
context7-efficient
Token-efficient library documentation fetcher using Context7 MCP with 86.8% token savings through intelligent shell pipeline filtering. Fetches code examples, API references, and best practices for JavaScript, Python, Go, Rust, and other libraries. Use when users ask about library documentation, need code examples, want API usage patterns, are learning a new framework, need syntax reference, or troubleshooting with library-specific information. Triggers include questions like "Show me React hooks", "How do I use Prisma", "What's the Next.js routing syntax", or any request for library/framework documentation.
aiskillstore/marketplace
browser-use
Browser automation using Playwright MCP. Navigate websites, fill forms, click elements, take screenshots, and extract data. Use when tasks require web browsing, form submission, web scraping, UI testing, or any browser interaction.
Didn't find tool you were looking for?