원클릭으로
attack-execution
How to execute the selected attack container on the attacker host and interpret the result.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
How to execute the selected attack container on the attacker host and interpret the result.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | attack-execution |
| description | How to execute the selected attack container on the attacker host and interpret the result. |
Use this skill after attack-selection has produced a concrete attack_id and ordered arguments list. Execution runs the attack Docker container on the attacker host.
execute_attack(attack_id: str, arguments: list[str]) -> {
"attack_id", "arguments",
"container_exit_code", "container_stderr"
} | {"error": "..."}
arguments must have the same length as the required_arguments list from read_attack_definition.attack_id must be one of those returned by list_available_attacks.If either check fails, execute_attack returns {"error": "..."} — fix the input and call again, do not return the error to the parent.
| Field | Meaning |
|---|---|
container_exit_code | 0 = attack ran cleanly; non-zero = attack errored |
container_stderr | Container stderr output — useful for diagnosing setup errors and as feedback for rule refinement |
When request_variant=True was set by the caller, you MUST vary the arguments from previous attempts in variant_history. Use the evasion-variants skill to choose how to mutate.
The destination IP and port for the attack are FIXED by config and provided in the AttackerRequest as fixed_destination_ip and fixed_destination_port. NEVER mutate these values when producing variants — only mutate other parameters (rate, payload size, source port, timing).
error: argument count mismatch — recompute arguments using read_attack_definition.required_arguments.error: unknown attack_id — your selection in attack-selection was wrong; pick a real attack_id.container_exit_code != 0 — the attack container errored. Mention this clearly in evasion_rationale so the Rules Agent does not loop on rule changes for a broken attack.Generate Snort 3.9.7.0 IDS rules from a natural-language operator intent. Use whenever you need to write a new rule, refine an existing one, or recover from a syntax error.
Reuse Snort rules that already fired in past experiments. ALWAYS consult this skill at the start of every cycle BEFORE writing a new rule. Validated rules are known-good detection patterns persisted per attack_id under data/validated_rules/.
How to produce an evasion variant of a previously successful attack. Use this when request_variant=True on the attacker request.
How to map an operator intent to one of the attacks discovered on the attacker host. Use this before calling execute_attack.
Rule-generation refinement playbook for MQTT Brute Force — credential brute force against MQTT brokers on TCP port 1883 using dictionary attacks. Load when the operator intent maps to attack_id mqtt-bruteforce.
Rule-generation refinement playbook for MQTT LWT Abuse — abuse of MQTT Last Will and Testament to publish malicious payloads under the broker's trusted identity. Load when the operator intent maps to attack_id mqtt-lwt-abuse.