davila7/claude-code-templates · updated Apr 8, 2026

# Red Team Tactics

Adversary simulation principles based on the MITRE ATT&CK framework.
## 1. MITRE ATT&CK Phases

### Attack Lifecycle

```text
RECONNAISSANCE → INITIAL ACCESS → EXECUTION → PERSISTENCE
                                                        ↓
PRIVILEGE ESC → DEFENSE EVASION → CRED ACCESS → DISCOVERY
                                                        ↓
LATERAL MOVEMENT → COLLECTION → C2 → EXFILTRATION → IMPACT
```
### Phase Objectives

| Phase | Objective |
|---|---|
| Recon | Map attack surface |
| Initial Access | Get first foothold |
| Execution | Run code on target |
| Persistence | Survive reboots |
| Privilege Escalation | Get admin/root |
| Defense Evasion | Avoid detection |
| Credential Access | Harvest credentials |
| Discovery | Map internal network |
| Lateral Movement | Spread to other systems |
| Collection | Gather target data |
| C2 | Maintain command channel |
| Exfiltration | Extract data |
## 2. Reconnaissance Principles

### Passive vs Active

| Type | Trade-off |
|---|---|
| Passive | No target contact, limited info |
| Active | Direct contact, more detection risk |
### Information Targets

| Category | Value |
|---|---|
| Technology stack | Attack vector selection |
| Employee info | Social engineering |
| Network ranges | Scanning scope |
| Third parties | Supply chain attack |
## 3. Initial Access Vectors

### Selection Criteria

| Vector | When to Use |
|---|---|
| Phishing | Human target, email access |
| Public exploits | Vulnerable services exposed |
| Valid credentials | Leaked or cracked |
| Supply chain | Third-party access |
## 4. Privilege Escalation Principles

### Windows Targets

| Check | Opportunity |
|---|---|
| Unquoted service paths | Write to path |
| Weak service permissions | Modify service |
| Token privileges | Abuse SeDebug, etc. |
| Stored credentials | Harvest |
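
The "unquoted service paths" row above is also a hardening audit: the same check tells a defender which directories must not be writable by standard users and what the corrected ImagePath looks like. The following is an added example, not code from this skill; the service names and paths are constructed.

```python
import ntpath
import re

# Constructed sample of ImagePath values as read from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath (hypothetical services).
SAMPLE_SERVICES = {
    "GoodSvc": r'"C:\Program Files\Good Vendor\svc.exe" -run',
    "BadSvc": r"C:\Program Files\Bad Vendor\Sub Dir\agent.exe -service",
    "SystemSvc": r"C:\Windows\system32\svchost.exe -k netsvcs",
    "NoSpaceSvc": r"C:\Tools\runner.exe",
}

# Executable = everything up to the first ".exe" token; the rest is arguments.
EXE_RE = re.compile(r"^(.*?\.exe)(.*)$", re.IGNORECASE)

def lookup_dirs(image_path):
    r"""Directories that must not be writable by standard users.

    For an unquoted path containing spaces, CreateProcess tries every
    space-delimited prefix with ".exe" appended before reaching the real
    binary (C:\Program.exe, C:\Program Files\Bad.exe, ...). Returns [] when
    the path is quoted, has no .exe token, or has no spaces before the binary.
    """
    if image_path.startswith('"'):
        return []
    m = EXE_RE.match(image_path)
    if not m:
        return []
    exe = m.group(1)
    dirs = []
    for i, ch in enumerate(exe):
        if ch == " ":
            parent = ntpath.dirname(exe[:i])
            if parent not in dirs:
                dirs.append(parent)
    return dirs

def quoted_fix(image_path):
    """Hardened ImagePath: the executable wrapped in quotes, arguments kept."""
    m = EXE_RE.match(image_path)
    if image_path.startswith('"') or not m:
        return image_path
    return f'"{m.group(1)}"{m.group(2)}'

def audit(services):
    """Service name -> (directories to ACL-check, corrected ImagePath); only
    services with an exploitable unquoted path are included."""
    report = {}
    for name, path in services.items():
        dirs = lookup_dirs(path)
        if dirs:
            report[name] = (dirs, quoted_fix(path))
    return report
```

A real audit feeds this logic from the registry or `Get-CimInstance Win32_Service` and then checks each returned directory's ACL; quoting the path is the fix, restricting write access on those directories is the compensating control.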
### Linux Targets

| Check | Opportunity |
|---|---|
| SUID binaries | Execute as owner |
| Sudo misconfiguration | Command execution |
| Kernel vulnerabilities | Kernel exploits |
| Cron jobs | Writable scripts |
## 5. Defense Evasion Principles

### Key Techniques

| Technique | Purpose |
|---|---|
| LOLBins | Use legitimate tools |
| Obfuscation | Hide malicious code |
| Timestomping | Hide file modifications |
| Log clearing | Remove evidence |
### Operational Security

- Work during business hours
- Mimic legitimate traffic patterns
- Use encrypted channels
- Blend with normal behavior
## 6. Lateral Movement Principles

### Credential Types

| Type | Use |
|---|---|
| Password | Standard auth |
| Hash | Pass-the-hash |
| Ticket | Pass-the-ticket |
| Certificate | Certificate auth |
### Movement Paths

- Admin shares
- Remote services (RDP, SSH, WinRM)
- Exploitation of internal services
## 7. Active Directory Attacks

### Attack Categories

| Attack | Target |
|---|---|
| Kerberoasting | Service account passwords |
| AS-REP Roasting | Accounts without pre-auth |
| DCSync | Domain credentials |
| Golden Ticket | Persistent domain access |
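
Kerberoasting and AS-REP Roasting both leave a clear signal in domain controller Security logs, which is the answer to the "what should have detected it?" question asked under Reporting: event 4769 with RC4 (0x17) ticket encryption for a user-style service account, and event 4768 issued with Pre-Authentication Type 0. The following detection is an added example, not code from this skill; the event records are constructed and reduced to the fields the rules need.

```python
# Constructed Windows Security events (4768 = TGT request, 4769 = TGS request),
# reduced to the fields a detection needs. Not real log data.
SAMPLE_EVENTS = [
    {"id": 4769, "user": "alice@CORP.LOCAL", "service": "sql-svc", "etype": "0x12", "status": "0x0"},
    {"id": 4769, "user": "bob@CORP.LOCAL", "service": "sql-svc", "etype": "0x17", "status": "0x0"},
    {"id": 4769, "user": "bob@CORP.LOCAL", "service": "http-svc", "etype": "0x17", "status": "0x0"},
    {"id": 4769, "user": "bob@CORP.LOCAL", "service": "backup-svc", "etype": "0x17", "status": "0x0"},
    {"id": 4769, "user": "bob@CORP.LOCAL", "service": "WS01$", "etype": "0x17", "status": "0x0"},
    {"id": 4769, "user": "carol@CORP.LOCAL", "service": "krbtgt", "etype": "0x17", "status": "0x0"},
    {"id": 4768, "user": "svc-legacy", "service": "krbtgt", "etype": "0x17", "preauth": 0, "status": "0x0"},
    {"id": 4768, "user": "alice", "service": "krbtgt", "etype": "0x12", "preauth": 2, "status": "0x0"},
]

RC4_HMAC = "0x17"  # Ticket Encryption Type value for RC4-HMAC; 0x12 is AES256

def is_roastable_tgs(ev):
    """4769: successful RC4 service ticket for a service that is neither a
    machine account (trailing $) nor krbtgt, i.e. a crackable SPN ticket."""
    return (ev["id"] == 4769 and ev["etype"] == RC4_HMAC and ev["status"] == "0x0"
            and not ev["service"].endswith("$") and ev["service"].lower() != "krbtgt")

def is_asrep_roastable(ev):
    """4768: TGT issued with Pre-Authentication Type 0 and RC4, meaning the
    account has pre-auth disabled and its AS-REP can be cracked offline."""
    return (ev["id"] == 4768 and ev.get("preauth") == 0
            and ev["etype"] == RC4_HMAC and ev["status"] == "0x0")

def detect(events, tgs_threshold=3):
    """Alerts for users requesting >= tgs_threshold distinct RC4 service tickets
    (Kerberoasting pattern) and for accounts issued AS-REPs without pre-auth."""
    per_user = {}
    for ev in events:
        if is_roastable_tgs(ev):
            per_user.setdefault(ev["user"], set()).add(ev["service"])
    alerts = [{"rule": "kerberoasting", "user": u, "services": sorted(s)}
              for u, s in per_user.items() if len(s) >= tgs_threshold]
    alerts += [{"rule": "asrep_roasting", "user": ev["user"]}
               for ev in events if is_asrep_roastable(ev)]
    return alerts
```

Legacy applications legitimately request RC4 tickets, so baseline the threshold per environment; the mitigations these rules point at are AES-only encryption and long random or gMSA passwords for SPN accounts, and re-enabling pre-authentication on any account that triggers the second rule.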
## 8. Reporting Principles

### Attack Narrative

Document the full attack chain:

- How initial access was gained
- What techniques were used
- What objectives were achieved
- Where detection failed
### Detection Gaps

For each successful technique:

- What should have detected it?
- Why didn't detection work?
- How could detection be improved?
## 9. Ethical Boundaries

### Always

- Stay within scope
- Minimize impact
- Report immediately if real threat found
- Document all actions
### Never

- Destroy production data
- Cause denial of service (unless scoped)
- Access beyond proof of concept
- Retain sensitive data
## 10. Anti-Patterns

| ❌ Don't | ✅ Do |
|---|---|
| Rush to exploitation | Follow methodology |
| Cause damage | Minimize impact |
| Skip reporting | Document everything |
| Ignore scope | Stay within boundaries |

**Remember:** Red team simulates attackers to improve defenses, not to cause harm.