بنقرة واحدة
attack-execution
How to execute the selected attack container on the attacker host and interpret the result.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
How to execute the selected attack container on the attacker host and interpret the result.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Generate Snort 3.9.7.0 IDS rules from a natural-language operator intent. Use whenever you need to write a new rule, refine an existing one, or recover from a syntax error.
Reuse Snort rules that already fired in past experiments. ALWAYS consult this skill at the start of every cycle BEFORE writing a new rule. Validated rules are known-good detection patterns persisted per attack_id under data/validated_rules/.
How to produce an evasion variant of a previously successful attack. Use this when request_variant=True on the attacker request.
How to map an operator intent to one of the attacks discovered on the attacker host. Use this before calling execute_attack.
Rule-generation refinement playbook for MQTT Brute Force — credential brute force against MQTT brokers on TCP port 1883 using dictionary attacks. Load when the operator intent maps to attack_id mqtt-bruteforce.
Rule-generation refinement playbook for MQTT LWT Abuse — abuse of MQTT Last Will and Testament to publish malicious payloads under the broker's trusted identity. Load when the operator intent maps to attack_id mqtt-lwt-abuse.
| name | attack-execution |
| description | How to execute the selected attack container on the attacker host and interpret the result. |
Use this skill after attack-selection has produced a concrete attack_id and ordered arguments list. Execution runs the attack Docker container on the attacker host.
execute_attack(attack_id: str, arguments: list[str]) -> {
"attack_id", "arguments",
"container_exit_code", "container_stderr"
} | {"error": "..."}
arguments must have the same length as the required_arguments list from read_attack_definition.attack_id must be one of those returned by list_available_attacks.If either check fails, execute_attack returns {"error": "..."} — fix the input and call again, do not return the error to the parent.
| Field | Meaning |
|---|---|
container_exit_code | 0 = attack ran cleanly; non-zero = attack errored |
container_stderr | Container stderr output — useful for diagnosing setup errors and as feedback for rule refinement |
When request_variant=True was set by the caller, you MUST vary the arguments from previous attempts in variant_history. Use the evasion-variants skill to choose how to mutate.
The destination IP and port for the attack are FIXED by config and provided in the AttackerRequest as fixed_destination_ip and fixed_destination_port. NEVER mutate these values when producing variants — only mutate other parameters (rate, payload size, source port, timing).
error: argument count mismatch — recompute arguments using read_attack_definition.required_arguments.error: unknown attack_id — your selection in attack-selection was wrong; pick a real attack_id.container_exit_code != 0 — the attack container errored. Mention this clearly in evasion_rationale so the Rules Agent does not loop on rule changes for a broken attack.