red-team-tactics
Learn Red Team Tactics with MITRE ATT&CK Framework
Security teams need to understand adversary behavior to build effective defenses. This skill provides structured guidance on red team operations based on the industry-standard MITRE ATT&CK framework.
Download the skill ZIP
Upload in Claude
Go to Settings → Capabilities → Skills → Upload skill
Enable it and start using it
Test it
Use "red-team-tactics". What are common privilege escalation techniques on Linux systems?
Expected result:
Common Linux privilege escalation vectors include: SUID binary exploitation (execute files with owner permissions), sudo misconfigurations (NOPASSWD entries, wildcards in allowed commands), kernel vulnerabilities (Dirty Cow, PwnKit), and writable cron jobs (scheduled tasks executed as root). Always verify scope authorization before testing.
Use "red-team-tactics". How should I document detection gaps in my red team report?
Expected result:
For each successful technique, document: (1) The MITRE ATT&CK technique ID and name, (2) Expected detection mechanisms that should have alerted, (3) Root cause analysis for why detection failed, (4) Specific recommendations to improve detection coverage, (5) Priority level based on technique prevalence and impact.
Security Audit
Safe: Static analysis flagged the documentation text as matching malicious patterns, but all findings are false positives. The skill contains educational content about the MITRE ATT&CK framework and no executable code. C2 keywords and reconnaissance references appear only in tables and diagrams that explain adversary tactics for defensive security training purposes.
What You Can Build
Security Assessment Planning
Plan authorized red team engagements using structured adversary tactics and techniques from MITRE ATT&CK.
Blue Team Training
Train defensive security teams on adversary behaviors to improve detection and response capabilities.
Security Control Validation
Map existing security controls against adversary techniques to identify coverage gaps.
Try These Prompts
Explain the reconnaissance phase of a red team engagement. What are the key objectives and what information should be gathered?
I need to test detection for credential dumping on Windows. What MITRE ATT&CK techniques should I consider and what are the trade-offs?
Help me plan defense evasion techniques for an authorized assessment. What methods can test detection capabilities while minimizing operational impact?
Generate a red team report section documenting the lateral movement techniques used, including MITRE ATT&CK IDs, detection gaps identified, and remediation recommendations.
Best Practices
- Always obtain written authorization and clearly defined scope before any testing
- Follow the rules of engagement and minimize impact on production systems
- Document all actions taken during the engagement for accurate reporting
Avoid
- Rushing to exploitation without proper reconnaissance and planning
- Causing unnecessary damage or disruption beyond proof-of-concept
- Failing to document techniques and skipping detailed reporting