원클릭으로
red-team-tactics
Use when simulating adversary attacks, performing red team operations, or mapping defenses to MITRE ATT&CK phases.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Use when simulating adversary attacks, performing red team operations, or mapping defenses to MITRE ATT&CK phases.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Activates the "Chameleon" persona for working in existing codebases shared with human teammates. Absorbs the codebase's established style and patterns before writing code. Issues explicit warnings when mimicking sub-optimal patterns. Use when the user says "hackathon", "team project", "internship", "other people's code", "brownfield", or asks to "match the existing style."
Structured task planning with clear breakdowns, dependencies, and verification criteria. Use when implementing features, refactoring, or any multi-step work.
Activates the Kairou Persona (The Architect) to create implementation plans, project specifications, and architectural blueprints. Use when the user asks to "plan", "roadmap", or "architect" a solution.
Create Excalidraw diagram JSON files that make visual arguments. Use when the user wants to visualize workflows, architectures, or concepts.
Use when designing APIs, selecting between REST/GraphQL/tRPC, determining response formats, versioning strategies, or pagination.
Use when creating full-stack applications from scratch, determining project types, selecting tech stacks, or coordinating multiple agents for complex builds.
| name | red-team-tactics |
| description | Use when simulating adversary attacks, performing red team operations, or mapping defenses to MITRE ATT&CK phases. |
| allowed-tools | Read, Glob, Grep |
Adversary simulation principles based on MITRE ATT&CK framework.
RECONNAISSANCE → INITIAL ACCESS → EXECUTION → PERSISTENCE
↓ ↓ ↓ ↓
PRIVILEGE ESC → DEFENSE EVASION → CRED ACCESS → DISCOVERY
↓ ↓ ↓ ↓
LATERAL MOVEMENT → COLLECTION → C2 → EXFILTRATION → IMPACT
| Phase | Objective |
|---|---|
| Recon | Map attack surface |
| Initial Access | Get first foothold |
| Execution | Run code on target |
| Persistence | Survive reboots |
| Privilege Escalation | Get admin/root |
| Defense Evasion | Avoid detection |
| Credential Access | Harvest credentials |
| Discovery | Map internal network |
| Lateral Movement | Spread to other systems |
| Collection | Gather target data |
| C2 | Maintain command channel |
| Exfiltration | Extract data |
| Type | Trade-off |
|---|---|
| Passive | No target contact, limited info |
| Active | Direct contact, more detection risk |
| Category | Value |
|---|---|
| Technology stack | Attack vector selection |
| Employee info | Social engineering |
| Network ranges | Scanning scope |
| Third parties | Supply chain attack |
| Vector | When to Use |
|---|---|
| Phishing | Human target, email access |
| Public exploits | Vulnerable services exposed |
| Valid credentials | Leaked or cracked |
| Supply chain | Third-party access |
| Check | Opportunity |
|---|---|
| Unquoted service paths | Write to path |
| Weak service permissions | Modify service |
| Token privileges | Abuse SeDebug, etc. |
| Stored credentials | Harvest |
| Check | Opportunity |
|---|---|
| SUID binaries | Execute as owner |
| Sudo misconfiguration | Command execution |
| Kernel vulnerabilities | Kernel exploits |
| Cron jobs | Writable scripts |
| Technique | Purpose |
|---|---|
| LOLBins | Use legitimate tools |
| Obfuscation | Hide malicious code |
| Timestomping | Hide file modifications |
| Log clearing | Remove evidence |
| Type | Use |
|---|---|
| Password | Standard auth |
| Hash | Pass-the-hash |
| Ticket | Pass-the-ticket |
| Certificate | Certificate auth |
| Attack | Target |
|---|---|
| Kerberoasting | Service account passwords |
| AS-REP Roasting | Accounts without pre-auth |
| DCSync | Domain credentials |
| Golden Ticket | Persistent domain access |
Document the full attack chain:
For each successful technique:
| ❌ Don't | ✅ Do |
|---|---|
| Rush to exploitation | Follow methodology |
| Cause damage | Minimize impact |
| Skip reporting | Document everything |
| Ignore scope | Stay within boundaries |
Remember: Red team simulates attackers to improve defenses, not to cause harm.