---
name: red-team-tactics
description: "Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting."
risk: offensive
source: community
date_added: "2026-02-27"
---

> AUTHORIZED USE ONLY: Use this skill only for authorized security assessments, defensive validation, or controlled educational environments.

# Red Team Tactics

> Adversary simulation principles based on the MITRE ATT&CK framework.

---

## 1. MITRE ATT&CK Phases

### Attack Lifecycle

The ATT&CK Enterprise tactics in the order an intrusion usually moves through them (each row wraps into the next; a real operation rarely visits every tactic and revisits several). ATT&CK also lists Resource Development, acquiring infrastructure and capabilities, between Reconnaissance and Initial Access.

```
RECONNAISSANCE → INITIAL ACCESS → EXECUTION → PERSISTENCE →
PRIVILEGE ESC → DEFENSE EVASION → CRED ACCESS → DISCOVERY →
LATERAL MOVEMENT → COLLECTION → C2 → EXFILTRATION → IMPACT
```

### Phase Objectives

| Phase | Objective |
|-------|-----------|
| **Recon** | Map the attack surface |
| **Initial Access** | Gain the first foothold |
| **Execution** | Run code on the target |
| **Persistence** | Keep the foothold across reboots and credential changes |
| **Privilege Escalation** | Obtain admin or root |
| **Defense Evasion** | Avoid detection |
| **Credential Access** | Harvest credentials |
| **Discovery** | Map the internal environment: hosts, users, trusts, data |
| **Lateral Movement** | Spread to other systems |
| **Collection** | Gather target data |
| **C2** | Maintain a command channel |
| **Exfiltration** | Extract data |
| **Impact** | Disrupt or manipulate systems and data (only when explicitly scoped) |

---

## 2. Reconnaissance Principles

### Passive vs Active

| Type | Trade-off |
|------|-----------|
| **Passive** | No packets sent to the target (OSINT, DNS records, certificate transparency, leaked data); undetectable, but the picture is incomplete and may be stale |
| **Active** | Direct contact (port scans, banner grabs, web crawling); richer and current, but every probe can be logged and attributed |

### Information Targets

| Category | Value |
|----------|-------|
| Technology stack | Selects exploits and lures that match what is actually running |
| Employee info | Pretexts and targets for social engineering |
| Network ranges | Defines what may be scanned and confirms it sits inside scope |
| Third parties | Vendors and suppliers with access are candidate supply chain paths |

---

## 3. Initial Access Vectors

### Selection Criteria

| Vector | When to Use |
|--------|-------------|
| **Phishing** | Human targets reachable by email; also tests user awareness and mail controls |
| **Public exploits** | Internet-facing services running versions with known, reliable exploits |
| **Valid credentials** | Credentials obtained from leaks, password spraying, or cracking; avoids exploitation entirely |
| **Supply chain** | Access is obtained through a third party the target trusts |

---

## 4. Privilege Escalation Principles

### Windows Targets

| Check | Opportunity |
|-------|-------------|
| Unquoted service paths | A service binary path containing spaces and no quotes lets an attacker plant an executable at an earlier prefix of the path, if that directory is writable |
| Weak service permissions | Permission to change a service's binary path or configuration lets the attacker run code as the service account |
| Token privileges | Privileges such as SeDebugPrivilege or SeImpersonatePrivilege held by the current token can be abused to reach SYSTEM |
| Stored credentials | Credentials in files, the registry, or credential managers can be harvested and reused |

### Linux Targets

| Check | Opportunity |
|-------|-------------|
| SUID binaries | A setuid binary that can be made to spawn a shell or read files runs as its owner, often root |
| Sudo misconfiguration | `sudo -l` entries that allow editors, interpreters, or wildcards give command execution as the target user |
| Kernel vulnerabilities | Unpatched kernels may be exploitable, at the cost of crash risk on production hosts |
| Cron jobs | Scheduled scripts writable by a low-privileged user run later with the scheduler's privileges |

---

## 5. Defense Evasion Principles

### Key Techniques

| Technique | Purpose |
|-----------|---------|
| LOLBins | Built-in, signed tools (living-off-the-land binaries) are less likely to be blocked or flagged than dropped malware |
| Obfuscation | Hides payloads and command lines from signature-based detection |
| Timestomping | Alters file timestamps so new artifacts blend in with older files during forensic timeline review |
| Log clearing | Removes evidence, but is itself a loud signal (Windows records event 1102 when the Security log is cleared) |

### Operational Security

- Operate during the target's business hours so activity is buried in normal usage
- Mimic legitimate traffic patterns: expected protocols, ports, user agents, beacon intervals with jitter
- Use encrypted channels
- Blend with normal behavior by preferring tools and accounts already in use on the target

---

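The unquoted service path check from section 4, worked through as an added example (this is not code from the original skill file). It reproduces the rule CreateProcess applies to an unquoted `ImagePath`: the string is split at every space and each prefix is tried as the executable, with `.exe` appended when the prefix has no extension. The service entries and the set of directories writable by a low-privileged user are constructed sample data.

```python
"""Unquoted service path analysis (ATT&CK T1574.009).

Added example for section 4 above; not part of the original skill file.
The service entries and writable directories are constructed sample data.
"""
import ntpath
from dataclasses import dataclass


@dataclass
class Finding:
    service: str
    image_path: str
    candidates: list  # executables Windows would try before the intended binary
    plantable: list   # candidates whose parent directory is writable


def hijack_candidates(image_path: str) -> list:
    """Return the paths Windows would try before reaching the real binary.

    An empty list means the path is quoted or contains no space, so it cannot
    be hijacked this way. Parsing stops at the first prefix that carries an
    extension, which is taken to be the intended binary (what follows it is
    arguments, as in 'svchost.exe -k netsvcs').
    """
    s = image_path.strip()
    if s.startswith('"') or " " not in s:
        return []
    parts = s.split(" ")
    candidates = []
    for i in range(1, len(parts)):
        prefix = " ".join(parts[:i])
        if ntpath.splitext(prefix)[1]:
            break
        candidates.append(prefix + ".exe")  # CreateProcess appends .exe here
    return candidates


def audit(services: dict, writable_dirs: set) -> list:
    """Report every service whose unquoted, space-containing path yields hijack
    candidates; `plantable` lists the ones reachable from `writable_dirs`."""
    writable = {ntpath.normcase(d.rstrip("\\")) for d in writable_dirs}
    findings = []
    for name, path in services.items():
        cands = hijack_candidates(path)
        if not cands:
            continue
        plantable = [
            c for c in cands
            if ntpath.normcase(ntpath.dirname(c).rstrip("\\")) in writable
        ]
        findings.append(Finding(name, path, cands, plantable))
    return findings


# Constructed ImagePath values, not from a real host.
SAMPLE_SERVICES = {
    "GoodSvc": '"C:\\Program Files\\Vendor\\Good Service\\goodsvc.exe" -run',
    "SysSvc": "C:\\Windows\\System32\\svchost.exe -k netsvcs",
    "UpdaterSvc": "C:\\Program Files\\Acme Updater\\updater.exe -service",
    "MonSvc": "C:\\Tools\\Agent Monitor\\agent.exe",
}
# Constructed: directories a low-privileged user was found able to write to.
WRITABLE_DIRS = {"C:\\Tools", "C:\\Users\\Public"}


if __name__ == "__main__":
    for f in audit(SAMPLE_SERVICES, WRITABLE_DIRS):
        print(f"{f.service}: {f.image_path}")
        for c in f.candidates:
            print("   ", "PLANTABLE" if c in f.plantable else "blocked  ", c)
```

`SysSvc` is unquoted and carries arguments but has no space before the binary, so it is not a finding; `UpdaterSvc` is vulnerable in principle but only exploitable if `C:\` or `C:\Program Files` is writable, which the constructed data says they are not. The same split-at-space logic applies to scheduled task and Run-key commands.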
## 6. Lateral Movement Principles

### Credential Types

| Type | Use |
|------|-----|
| Password | Standard interactive or network authentication |
| Hash | Pass-the-hash: NTLM authentication with the NT hash, no plaintext needed |
| Ticket | Pass-the-ticket: reuse of a stolen or forged Kerberos ticket |
| Certificate | Certificate-based authentication (Kerberos PKINIT with a certificate issued or abused via AD CS) |

### Movement Paths

- Admin shares (ADMIN$, C$) combined with remote service creation or scheduled tasks
- Remote services (RDP, SSH, WinRM)
- Exploitation of internal services

---

## 7. Active Directory Attacks

### Attack Categories

| Attack | ATT&CK | Target |
|--------|--------|--------|
| Kerberoasting | T1558.003 | Service tickets for accounts with SPNs, cracked offline to recover the account password |
| AS-REP Roasting | T1558.004 | Accounts with Kerberos pre-authentication disabled; the AS-REP can be cracked offline |
| DCSync | T1003.006 | Credential material for any domain account, pulled through the replication interface by an account holding replication rights |
| Golden Ticket | T1558.001 | A TGT forged with the krbtgt key, giving persistent domain access until krbtgt is rotated twice |

---

## 8. Reporting Principles

### Attack Narrative

Document the full attack chain so defenders can replay it:
1. How initial access was gained
2. What techniques were used, with ATT&CK technique IDs
3. What objectives were achieved
4. Where detection failed

### Detection Gaps

For each successful technique:
- What should have detected it (log source, rule, control)?
- Why didn't detection work (no telemetry, no rule, or a rule that fired and was not acted on)?
- How to improve detection, and how the fix will be validated

---

## 9. Ethical Boundaries

### Always

- Stay within scope
- Minimize impact
- Report immediately if a real threat (an actual intrusion or live attacker) is found
- Document all actions with timestamps, so activity can be deconflicted with real incidents

### Never

- Destroy production data
- Cause denial of service (unless explicitly scoped)
- Access beyond what is needed as proof of concept
- Retain sensitive data after the engagement

---

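A detection gap check of the kind section 8 asks for, applied to the Kerberoasting entry in section 7, as an added example (not code from the original skill file). Kerberoasting shows up in Windows event 4769 (a Kerberos service ticket was requested); two standard rules are an RC4 (0x17) service ticket issued for a user account with an SPN, and one requester collecting tickets for many distinct service accounts in a short window. The field names mirror the real 4769 schema (TargetUserName, ServiceName, TicketEncryptionType, Status), but the flattened key=value record layout and every log line below are constructed samples, not a Windows export.

```python
"""Kerberoasting detection over Windows event 4769 records (ATT&CK T1558.003).

Added example for sections 7 and 8 above; not part of the original skill
file. Log lines are constructed samples in a flattened key=value form.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

RC4_HMAC = 0x17  # legacy etype; roasters request it because RC4 tickets crack fastest


@dataclass(frozen=True)
class TgsRequest:
    ts: datetime
    requester: str  # account that asked for the ticket (TargetUserName, realm stripped)
    service: str    # account the ticket is for (ServiceName; computer accounts end in $)
    etype: int      # TicketEncryptionType
    status: int     # Status, 0 means the ticket was issued


def parse_4769(line: str) -> TgsRequest:
    """Parse one constructed '<iso-ts> key=value ...' record."""
    ts_text, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    if f.get("EventID") != "4769":
        raise ValueError("not a 4769 record")
    return TgsRequest(
        ts=datetime.fromisoformat(ts_text),
        requester=f["TargetUserName"].split("@")[0].lower(),
        service=f["ServiceName"].lower(),
        etype=int(f["TicketEncryptionType"], 16),
        status=int(f["Status"], 16),
    )


def load(text: str) -> list:
    return [parse_4769(l) for l in text.splitlines() if l.strip()]


def _roastable_target(r: TgsRequest) -> bool:
    # Machine accounts use AES by default and krbtgt entries are TGT renewals,
    # so neither is a Kerberoast target.
    return r.status == 0 and not r.service.endswith("$") and r.service != "krbtgt"


def is_roastable_rc4(r: TgsRequest) -> bool:
    """Rule 1: an RC4 service ticket issued for a user-account SPN."""
    return _roastable_target(r) and r.etype == RC4_HMAC


def rc4_alerts(reqs: list) -> list:
    return [r for r in reqs if is_roastable_rc4(r)]


def burst_alerts(reqs: list, window=timedelta(minutes=5), threshold=5) -> dict:
    """Rule 2: one requester collects tickets for >= threshold distinct service
    accounts inside `window`, the shape of a bulk roast regardless of etype.
    Returns requester -> largest distinct-SPN count seen in any one window."""
    by_user = defaultdict(list)
    for r in sorted(reqs, key=lambda r: r.ts):
        if _roastable_target(r):
            by_user[r.requester].append(r)
    alerts = {}
    for user, rs in by_user.items():
        lo = 0
        for hi in range(len(rs)):
            while rs[hi].ts - rs[lo].ts > window:
                lo += 1
            distinct = {r.service for r in rs[lo:hi + 1]}
            if len(distinct) >= threshold:
                alerts[user] = max(len(distinct), alerts.get(user, 0))
    return alerts


# Constructed sample records, not a real export.
SAMPLE_4769 = """\
2026-03-02T09:14:05 EventID=4769 TargetUserName=WS01$@CORP.LOCAL ServiceName=FS01$ TicketEncryptionType=0x12 Status=0x0
2026-03-02T09:14:07 EventID=4769 TargetUserName=asmith@CORP.LOCAL ServiceName=WS02$ TicketEncryptionType=0x17 Status=0x0
2026-03-02T09:20:01 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x17 Status=0x0
2026-03-02T09:20:02 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_backup TicketEncryptionType=0x17 Status=0x0
2026-03-02T09:20:02 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_web TicketEncryptionType=0x17 Status=0x0
2026-03-02T09:20:03 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_ftp TicketEncryptionType=0x17 Status=0x0
2026-03-02T09:20:03 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_report TicketEncryptionType=0x17 Status=0x0
2026-03-02T09:20:04 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x17 Status=0x0
2026-03-02T09:20:05 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_jira TicketEncryptionType=0x17 Status=0x7
2026-03-02T10:30:00 EventID=4769 TargetUserName=asmith@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x12 Status=0x0
2026-03-02T10:31:00 EventID=4769 TargetUserName=asmith@CORP.LOCAL ServiceName=svc_web TicketEncryptionType=0x12 Status=0x0
"""

if __name__ == "__main__":
    reqs = load(SAMPLE_4769)
    for r in rc4_alerts(reqs):
        print(f"RC4 ticket: {r.ts} {r.requester} -> {r.service}")
    for user, n in burst_alerts(reqs).items():
        print(f"Burst: {user} requested {n} distinct service tickets within 5 min")
```

If a Kerberoast during the engagement produced records like the `jdoe` burst and nothing fired, the gap is either missing 4769 collection from the domain controllers or a missing rule, and the report should say which. The RC4 rule is noisy in domains that still have RC4-only service accounts; baseline it before alerting on it, and treat the burst rule as the higher-confidence signal.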
## 10. Anti-Patterns

| ❌ Don't | ✅ Do |
|----------|-------|
| Rush to exploitation | Follow the methodology |
| Cause damage | Minimize impact |
| Skip reporting | Document everything |
| Ignore scope | Stay within boundaries |

---

> **Remember:** Red team simulates attackers to improve defenses, not to cause harm.

## When to Use

Use this skill to execute the workflow or actions described in the overview above.

## Limitations

- Use this skill only when the task clearly matches the scope described above.
- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.

---

Skill page metadata (from the hosting site):

- Skill ID: 8928c5d4-7641-4a18-a438-17169f462ce1
- Title: red-team-tactics
- Description: Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
- Module: Other (other skill types); category: Career development (interview preparation, résumé optimization, career planning)
- Tags: sickn33, other
- Source: imported from https://github.com/sickn33/antigravity-awesome-skills
- Author: SkillOPIC (user_system_seed); public
- Stars: 65; runs: 1151; ratings: none yet
- Created: 2026-05-16 13:36:50
- Package: red-team-tactics.zip, version 1.0.0, 2395 bytes, SHA-256 e86080a6a302bbeb5eb957b5f0ef11c38b0ee1f4602c8a6b56d1ed7fb5bd0396; contains SKILL.md (4999 bytes)