{"id":"a2ce2660-22a8-428d-b808-ae943af5ebf2","shortId":"nTBw5r","kind":"skill","title":"red-team-tactics","tagline":"Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.","description":"> AUTHORIZED USE ONLY: Use this skill only for authorized security assessments, defensive validation, or controlled educational environments.\n\n# Red Team Tactics\n\n> Adversary simulation principles based on MITRE ATT&CK framework.\n\n---\n\n## 1. MITRE ATT&CK Phases\n\n### Attack Lifecycle\n\n```\nRECONNAISSANCE → INITIAL ACCESS → EXECUTION → PERSISTENCE\n       ↓              ↓              ↓            ↓\n   PRIVILEGE ESC → DEFENSE EVASION → CRED ACCESS → DISCOVERY\n       ↓              ↓              ↓            ↓\nLATERAL MOVEMENT → COLLECTION → C2 → EXFILTRATION → IMPACT\n```\n\n### Phase Objectives\n\n| Phase | Objective |\n|-------|-----------|\n| **Recon** | Map attack surface |\n| **Initial Access** | Get first foothold |\n| **Execution** | Run code on target |\n| **Persistence** | Survive reboots |\n| **Privilege Escalation** | Get admin/root |\n| **Defense Evasion** | Avoid detection |\n| **Credential Access** | Harvest credentials |\n| **Discovery** | Map internal network |\n| **Lateral Movement** | Spread to other systems |\n| **Collection** | Gather target data |\n| **C2** | Maintain command channel |\n| **Exfiltration** | Extract data |\n\n---\n\n## 2. Reconnaissance Principles\n\n### Passive vs Active\n\n| Type | Trade-off |\n|------|-----------|\n| **Passive** | No target contact, limited info |\n| **Active** | Direct contact, more detection risk |\n\n### Information Targets\n\n| Category | Value |\n|----------|-------|\n| Technology stack | Attack vector selection |\n| Employee info | Social engineering |\n| Network ranges | Scanning scope |\n| Third parties | Supply chain attack |\n\n---\n\n## 3. 
Initial Access Vectors\n\n### Selection Criteria\n\n| Vector | When to Use |\n|--------|-------------|\n| **Phishing** | Human target, email access |\n| **Public exploits** | Vulnerable services exposed |\n| **Valid credentials** | Leaked or cracked |\n| **Supply chain** | Third-party access |\n\n---\n\n## 4. Privilege Escalation Principles\n\n### Windows Targets\n\n| Check | Opportunity |\n|-------|-------------|\n| Unquoted service paths | Write to path |\n| Weak service permissions | Modify service |\n| Token privileges | Abuse SeDebug, etc. |\n| Stored credentials | Harvest |\n\n### Linux Targets\n\n| Check | Opportunity |\n|-------|-------------|\n| SUID binaries | Execute as owner |\n| Sudo misconfiguration | Command execution |\n| Kernel vulnerabilities | Kernel exploits |\n| Cron jobs | Writable scripts |\n\n---\n\n## 5. Defense Evasion Principles\n\n### Key Techniques\n\n| Technique | Purpose |\n|-----------|---------|\n| LOLBins | Use legitimate tools |\n| Obfuscation | Hide malicious code |\n| Timestomping | Hide file modifications |\n| Log clearing | Remove evidence |\n\n### Operational Security\n\n- Work during business hours\n- Mimic legitimate traffic patterns\n- Use encrypted channels\n- Blend with normal behavior\n\n---\n\n## 6. Lateral Movement Principles\n\n### Credential Types\n\n| Type | Use |\n|------|-----|\n| Password | Standard auth |\n| Hash | Pass-the-hash |\n| Ticket | Pass-the-ticket |\n| Certificate | Certificate auth |\n\n### Movement Paths\n\n- Admin shares\n- Remote services (RDP, SSH, WinRM)\n- Exploitation of internal services\n\n---\n\n## 7. Active Directory Attacks\n\n### Attack Categories\n\n| Attack | Target |\n|--------|--------|\n| Kerberoasting | Service account passwords |\n| AS-REP Roasting | Accounts without pre-auth |\n| DCSync | Domain credentials |\n| Golden Ticket | Persistent domain access |\n\n---\n\n## 8. Reporting Principles\n\n### Attack Narrative\n\nDocument the full attack chain:\n1. 
How initial access was gained\n2. What techniques were used\n3. What objectives were achieved\n4. Where detection failed\n\n### Detection Gaps\n\nFor each successful technique:\n- What should have detected it?\n- Why didn't detection work?\n- How can detection be improved?\n\n---\n\n## 9. Ethical Boundaries\n\n### Always\n\n- Stay within scope\n- Minimize impact\n- Report immediately if a real threat is found\n- Document all actions\n\n### Never\n\n- Destroy production data\n- Cause denial of service (unless scoped)\n- Access beyond proof of concept\n- Retain sensitive data\n\n---\n\n## 10. Anti-Patterns\n\n| ❌ Don't | ✅ Do |\n|----------|-------|\n| Rush to exploitation | Follow methodology |\n| Cause damage | Minimize impact |\n| Skip reporting | Document everything |\n| Ignore scope | Stay within boundaries |\n\n---\n\n> **Remember:** Red team simulates attackers to improve defenses, not to cause harm.\n\n## When to Use\nUse this skill to execute the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are 
missing.","tags":["red","team","tactics","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding"],"capabilities":["skill","source-sickn33","skill-red-team-tactics","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/red-team-tactics","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34583 github stars · SKILL.md body (4,756 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T18:52:07.398Z","embedding":null,"createdAt":"2026-04-18T21:43:26.335Z","updatedAt":"2026-04-22T18:52:07.398Z","lastSeenAt":"2026-04-22T18:52:07.398Z","prices":[{"id":"74625679-e8f0-4def-a62b-0fd140702820","listingId":"a2ce2660-22a8-428d-b808-ae943af5ebf2","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:43:26.335Z"}],"sources":[{"listingId":"a2ce2660-22a8-428d-b808-ae943af5ebf2","source":"github","sourceId":"sickn33/antigravity-awesome-skills/red-team-tactics","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/red-team-tactics","isPrimary":false,"firstSeenAt":"2026-04-18T21:43:26.335Z","lastSeenAt":"2026-04-22T18:52:07.398Z"}],"details":{"listingId":"a2ce2660-22a8-428d-b808-ae943af5ebf2","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"red-team-tactics","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34583,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-22T06:40:00Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. 
Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"36c63aec25b7aa849c77442be42f19d3fefc18c1","skill_md_path":"skills/red-team-tactics/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/red-team-tactics"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"red-team-tactics","description":"Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/red-team-tactics"},"updatedAt":"2026-04-22T18:52:07.398Z"}}