一键导入
evasion-variants
How to produce an evasion variant of a previously successful attack. Use this when request_variant=True on the attacker request.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
How to produce an evasion variant of a previously successful attack. Use this when request_variant=True on the attacker request.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Generate Snort 3.9.7.0 IDS rules from a natural-language operator intent. Use whenever you need to write a new rule, refine an existing one, or recover from a syntax error.
Reuse Snort rules that already fired in past experiments. ALWAYS consult this skill at the start of every cycle BEFORE writing a new rule. Validated rules are known-good detection patterns persisted per attack_id under data/validated_rules/.
How to execute the selected attack container on the attacker host and interpret the result.
How to map an operator intent to one of the attacks discovered on the attacker host. Use this before calling execute_attack.
Rule-generation refinement playbook for MQTT Brute Force — credential brute force against MQTT brokers on TCP port 1883 using dictionary attacks. Load when the operator intent maps to attack_id mqtt-bruteforce.
Rule-generation refinement playbook for MQTT LWT Abuse — abuse of MQTT Last Will and Testament to publish malicious payloads under the broker's trusted identity. Load when the operator intent maps to attack_id mqtt-lwt-abuse.
| name | evasion-variants |
| description | How to produce an evasion variant of a previously successful attack. Use this when request_variant=True on the attacker request. |
When the Rules Agent has already deployed a rule that detected the previous attack, it asks the Attack Agent for a VARIANT — an attempt to bypass that rule without leaving the operator intent.
request_variant=True on the AttackerRequest.variant_history contains at least one attack with fired=True.Stay within the operator intent (same protocol, same target, same attack class), but mutate the attack so the deployed rule fails to match.
Before attempting any mutation, call:
get_skill_reference("<attack_id>", "refinamento.md")
This loads three things for the specific attack family:
Use the adaptation algorithm to decide WHICH mutation to apply before choosing a level.
If the attack exposes non-destination parameters (rate, count, payload size, timing, source port, etc.), mutate those values.
Common levers:
detection_filter thresholds or burst above them.dsize-relevant lengths.Set evasion_rationale to a one-line explanation of WHY this mutation should evade the rule, then call execute_attack with the new arguments.
When the attack exposes only destination-fixed arguments (target + port) and no other parameters exist, argument mutation cannot produce a variant. You MUST modify the attack source files on the attacker host and rebuild the Docker image.
Steps:
list_attack_files(attack_id) to discover the actual filenames in the attack directory — NEVER guess. Then call read_attack_source_file(attack_id, filename) to inspect the relevant source file (typically the .c or .py file, not the Dockerfile or entrypoint).modify_attack_file(attack_id, filename, new_content) to write it to the attacker host.rebuild_attack_image(attack_id) to rebuild the Docker image. Verify exit_code == 0 before proceeding.execute_attack(attack_id, arguments) as usual — the container now runs the mutated code.Set evasion_rationale to a one-line explanation of the strategy applied and the rule mechanism it targets.
attack_id between variants of the same intent — same intent must use the same attack class.required_arguments schema — mutate VALUES (Level 1) or internal source logic (Level 2), not the argument list shape.fixed_destination_ip or fixed_destination_port across variants.execute_attack without rebuilding first if you modified source files.refinamento.md — without the adaptation algorithm you will repeat defeated strategies.