MR
Mayur Rathi
@mayurrathi
⭐ 40.7k GitHub stars

Red Team Tactics

Red Team Tactics is an code AI skill with a core value of Red team tactics principles based on MITRE ATT&CK. It helps developers solve real-world problems in the code domain, boosting efficiency, automating repetitive tasks, and optimizing workflows.

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

Last verified on: 2026-07-07

Quick Facts

Category code
Works With Claude
Source sickn33/antigravity-awesome-skills
Stars ⭐ 40.7k
Last Verified 2026-07-07
Risk Level Low
mkdir -p ./skills/red-team-tactics && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/red-team-tactics/SKILL.md -o ./skills/red-team-tactics/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

# Red Team Tactics


> Adversary simulation principles based on MITRE ATT&CK framework.


---


1. MITRE ATT&CK Phases


Attack Lifecycle


text
RECONNAISSANCE → INITIAL ACCESS → EXECUTION → PERSISTENCE
       ↓              ↓              ↓            ↓
   PRIVILEGE ESC → DEFENSE EVASION → CRED ACCESS → DISCOVERY
       ↓              ↓              ↓            ↓
LATERAL MOVEMENT → COLLECTION → C2 → EXFILTRATION → IMPACT

Phase Objectives


| Phase | Objective |

|-------|-----------|

| **Recon** | Map attack surface |

| **Initial Access** | Get first foothold |

| **Execution** | Run code on target |

| **Persistence** | Survive reboots |

| **Privilege Escalation** | Get admin/root |

| **Defense Evasion** | Avoid detection |

| **Credential Access** | Harvest credentials |

| **Discovery** | Map internal network |

| **Lateral Movement** | Spread to other systems |

| **Collection** | Gather target data |

| **C2** | Maintain command channel |

| **Exfiltration** | Extract data |


---


2. Reconnaissance Principles


Passive vs Active


| Type | Trade-off |

|------|-----------|

| **Passive** | No target contact, limited info |

| **Active** | Direct contact, more detection risk |


Information Targets


| Category | Value |

|----------|-------|

| Technology stack | Attack vector selection |

| Employee info | Social engineering |

| Network ranges | Scanning scope |

| Third parties | Supply chain attack |


---


3. Initial Access Vectors


Selection Criteria


| Vector | When to Use |

|--------|-------------|

| **Phishing** | Human target, email access |

| **Public exploits** | Vulnerable services exposed |

| **Valid credentials** | Leaked or cracked |

| **Supply chain** | Third-party access |


---


4. Privilege Escalation Principles


Windows Targets


| Check | Opportunity |

|-------|-------------|

| Unquoted service paths | Write to path |

| Weak service permissions | Modify service |

| Token privileges | Abuse SeDebug, etc. |

| Stored credentials | Harvest |


Linux Targets


| Check | Opportunity |

|-------|-------------|

| SUID binaries | Execute as owner |

| Sudo misconfiguration | Command execution |

| Kernel vulnerabilities | Kernel exploits |

| Cron jobs | Writable scripts |


---


5. Defense Evasion Principles


Key Techniques


| Technique | Purpose |

|-----------|---------|

| LOLBins | Use legitimate tools |

| Obfuscation | Hide malicious code |

| Timestomping | Hide file modifications |

| Log clearing | Remove evidence |


Operational Security


- Work during business hours

- Mimic legitimate traffic patterns

- Use encrypted channels

- Blend with normal behavior


---


6. Lateral Movement Principles


Credential Types


| Type | Use |

|------|-----|

| Password | Standard auth |

| Hash | Pass-the-hash |

| Ticket | Pass-the-ticket |

| Certificate | Certificate auth |


Movement Paths


- Admin shares

- Remote services (RDP, SSH, WinRM)

- Exploitation of internal services


---


7. Active Directory Attacks


Attack Categories


| Attack | Target |

|--------|--------|

| Kerberoasting | Service account passwords |

| AS-REP Roasting | Accounts without pre-auth |

| DCSync | Domain credentials |

| Golden Ticket | Persistent domain access |


---


8. Reporting Principles


Attack Narrative


Document the full attack chain:

1. How initial access was gained

2. What techniques were used

3. What objectives were achieved

4. Where detection failed


Detection Gaps


For each successful technique:

- What should have detected it?

- Why didn't detection work?

- How to improve detection


---


9. Ethical Boundaries


Always


- Stay within scope

- Minimize impact

- Report immediately if real threat found

- Document all actions


Never


- Destroy production data

- Cause denial of service (unless scoped)

- Access beyond proof of concept

- Retain sensitive data


---


10. Anti-Patterns


| ❌ Don't | ✅ Do |

|----------|-------|

| Rush to exploitation | Follow methodology |

| Cause damage |

🎯 Best For

  • Claude users
  • Software engineers
  • Development teams
  • Tech leads

💡 Use Cases

  • Code quality improvement
  • Best practice enforcement

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Red Team Tactics to Your Work

    Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. 4

    Review and Refine

    Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Is Red Team Tactics compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for Red Team Tactics?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

How do I install Red Team Tactics?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/red-team-tactics/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Skipping validation

Always test AI-generated code changes, even for simple refactors.

Missing dependency updates

Check if the skill requires updated dependencies or new packages.

🔗 Related Skills