ranbot-ai/red-team-tactics
skills/red-team-tactics/SKILL.md
Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
$ install --global
skillsauthnpx skillsauth add ranbot-ai/awesome-skills red-team-tacticsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 2, 2026, 5:45 AM232.7s1 file scanned
SKILL.md
- name:
- red-team-tactics
- description:
- Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
- category:
- Security & Systems
- source:
- antigravity
- tags:
- [ai, workflow, document, security, cro]
- url:
- https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/red-team-tactics
AUTHORIZED USE ONLY: Use this skill only for authorized security assessments, defensive validation, or controlled educational environments.
Red Team Tactics
Adversary simulation principles based on MITRE ATT&CK framework.
1. MITRE ATT&CK Phases
Attack Lifecycle
RECONNAISSANCE → INITIAL ACCESS → EXECUTION → PERSISTENCE
↓ ↓ ↓ ↓
PRIVILEGE ESC → DEFENSE EVASION → CRED ACCESS → DISCOVERY
↓ ↓ ↓ ↓
LATERAL MOVEMENT → COLLECTION → C2 → EXFILTRATION → IMPACT
Phase Objectives
| Phase | Objective | |-------|-----------| | Recon | Map attack surface | | Initial Access | Get first foothold | | Execution | Run code on target | | Persistence | Survive reboots | | Privilege Escalation | Get admin/root | | Defense Evasion | Avoid detection | | Credential Access | Harvest credentials | | Discovery | Map internal network | | Lateral Movement | Spread to other systems | | Collection | Gather target data | | C2 | Maintain command channel | | Exfiltration | Extract data |
2. Reconnaissance Principles
Passive vs Active
| Type | Trade-off | |------|-----------| | Passive | No target contact, limited info | | Active | Direct contact, more detection risk |
Information Targets
| Category | Value | |----------|-------| | Technology stack | Attack vector selection | | Employee info | Social engineering | | Network ranges | Scanning scope | | Third parties | Supply chain attack |
3. Initial Access Vectors
Selection Criteria
| Vector | When to Use | |--------|-------------| | Phishing | Human target, email access | | Public exploits | Vulnerable services exposed | | Valid credentials | Leaked or cracked | | Supply chain | Third-party access |
4. Privilege Escalation Principles
Windows Targets
| Check | Opportunity | |-------|-------------| | Unquoted service paths | Write to path | | Weak service permissions | Modify service | | Token privileges | Abuse SeDebug, etc. | | Stored credentials | Harvest |
Linux Targets
| Check | Opportunity | |-------|-------------| | SUID binaries | Execute as owner | | Sudo misconfiguration | Command execution | | Kernel vulnerabilities | Kernel exploits | | Cron jobs | Writable scripts |
5. Defense Evasion Principles
Key Techniques
| Technique | Purpose | |-----------|---------| | LOLBins | Use legitimate tools | | Obfuscation | Hide malicious code | | Timestomping | Hide file modifications | | Log clearing | Remove evidence |
Operational Security
- Work during business hours
- Mimic legitimate traffic patterns
- Use encrypted channels
- Blend with normal behavior
6. Lateral Movement Principles
Credential Types
| Type | Use | |------|-----| | Password | Standard auth | | Hash | Pass-the-hash | | Ticket | Pass-the-ticket | | Certificate | Certificate auth |
Movement Paths
- Admin shares
- Remote services (RDP, SSH, WinRM)
- Exploitation of internal services
7. Active Directory Attacks
Attack Categories
| Attack | Target | |--------|--------| | Kerberoasting | Service account passwords | | AS-REP Roasting | Accounts without pre-auth | | DCSync | Domain credentials | | Golden Ticket | Persistent domain access |
8. Reporting Principles
Attack Narrative
Document the full attack chain:
- How initial access was gained
- What techniques were used
- What objectives were achieved
- Where detection failed
Detection Gaps
For each successful technique:
- What should have detected it?
- Why didn't detection work?
- How to improve detection
9. Ethical Boundaries
Always
- Stay within scope
- Minimize impact
- Report immediately if real threat found
- Document all actions
Never
- Destroy production data
- Cause denial of service (unless scoped)
- Access beyond proof of concept
- Retain sensitive data
10. Anti-Patterns
| ❌ Don't | ✅ Do | |----------|-------| | Rush to exploitation | Follow methodology | | Cause damage | Minimize impact | | Skip reporting | Document everything | | Ignore scope | Stay within boundaries |
Remember: Red team simulates attackers to improve defenses, not to cause harm.
When to Use
This skill is applicable to execute the workflow or actions described in the overview.
Related Skills
ranbot-ai/nextjs-seo-indexing
testing
VerifiedTrustedCommunity
Fix SEO indexing issues, crawl budget problems, and Search Console coverage errors for Next.js apps. Covers canonical tags, noindex audits, sitemap health, static rendering, and internal linking.
5SKILL.mdUpdated Jun 2, 2026
ranbot-ai/moatmri
data-ai
VerifiedTrustedCommunity
Analyze AI disruption pressure across a business, map competitive exposure, and produce a 90-day defensive action plan.
5SKILL.mdUpdated Jun 2, 2026
ranbot-ai/skills/longbridge
tools
VerifiedTrustedCommunity
--- name: longbridge description: 125+ agent skills for Longbridge Securities — real-time quotes, charts, fundamentals, portfolio analysis, options, and more for HK/US/A-share/SG markets. Trilingual: Simplified Chinese, Traditional category: AI & Agents source: antigravity tags: [api, mcp, claude, ai, agent, security, cro] url: https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/longbridge --- # Longbridge ## Overview Longbridge is the official skill collection for Longbr
5SKILL.mdUpdated Jun 2, 2026
ranbot-ai/github-actions-advanced
tools
VerifiedTrustedCommunity
Design, debug, and harden GitHub Actions CI/CD workflows, including reusable workflows, matrix builds, self-hosted runners, OIDC authentication, caching, environments, secrets, and release automation.
5SKILL.mdUpdated Jun 2, 2026