Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
Add this skill
npx mdskills install sickn33/red-team-tacticsWell-structured reference guide with clear MITRE ATT&CK phases and ethical boundaries
Adversary simulation principles based on MITRE ATT&CK framework.
RECONNAISSANCE → INITIAL ACCESS → EXECUTION → PERSISTENCE
↓ ↓ ↓ ↓
PRIVILEGE ESC → DEFENSE EVASION → CRED ACCESS → DISCOVERY
↓ ↓ ↓ ↓
LATERAL MOVEMENT → COLLECTION → C2 → EXFILTRATION → IMPACT
| Phase | Objective |
|---|---|
| Recon | Map attack surface |
| Initial Access | Get first foothold |
| Execution | Run code on target |
| Persistence | Survive reboots |
| Privilege Escalation | Get admin/root |
| Defense Evasion | Avoid detection |
| Credential Access | Harvest credentials |
| Discovery | Map internal network |
| Lateral Movement | Spread to other systems |
| Collection | Gather target data |
| C2 | Maintain command channel |
| Exfiltration | Extract data |
| Type | Trade-off |
|---|---|
| Passive | No target contact, limited info |
| Active | Direct contact, more detection risk |
| Category | Value |
|---|---|
| Technology stack | Attack vector selection |
| Employee info | Social engineering |
| Network ranges | Scanning scope |
| Third parties | Supply chain attack |
| Vector | When to Use |
|---|---|
| Phishing | Human target, email access |
| Public exploits | Vulnerable services exposed |
| Valid credentials | Leaked or cracked |
| Supply chain | Third-party access |
| Check | Opportunity |
|---|---|
| Unquoted service paths | Write to path |
| Weak service permissions | Modify service |
| Token privileges | Abuse SeDebug, etc. |
| Stored credentials | Harvest |
| Check | Opportunity |
|---|---|
| SUID binaries | Execute as owner |
| Sudo misconfiguration | Command execution |
| Kernel vulnerabilities | Kernel exploits |
| Cron jobs | Writable scripts |
| Technique | Purpose |
|---|---|
| LOLBins | Use legitimate tools |
| Obfuscation | Hide malicious code |
| Timestomping | Hide file modifications |
| Log clearing | Remove evidence |
| Type | Use |
|---|---|
| Password | Standard auth |
| Hash | Pass-the-hash |
| Ticket | Pass-the-ticket |
| Certificate | Certificate auth |
| Attack | Target |
|---|---|
| Kerberoasting | Service account passwords |
| AS-REP Roasting | Accounts without pre-auth |
| DCSync | Domain credentials |
| Golden Ticket | Persistent domain access |
Document the full attack chain:
For each successful technique:
| ❌ Don't | ✅ Do |
|---|---|
| Rush to exploitation | Follow methodology |
| Cause damage | Minimize impact |
| Skip reporting | Document everything |
| Ignore scope | Stay within boundaries |
Remember: Red team simulates attackers to improve defenses, not to cause harm.
Install via CLI
npx mdskills install sickn33/red-team-tacticsRed Team Tactics is a free, open-source AI agent skill. Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
Install Red Team Tactics with a single command:
npx mdskills install sickn33/red-team-tacticsThis downloads the skill files into your project and your AI agent picks them up automatically.
Red Team Tactics works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.