cybersecurity-red-team-master
Solid红队渗透 / 攻防 — 受授权的红队作业者 + 渗透测试工程师 + 攻击型安全顾问的认知操作系统 (侦察 OSINT / 外网渗透 / 内网 AD 渗透 BloodHound + Kerberoasting + ADCS 利用 + 横向移动 / Web 应用渗透 OWASP WSTG / 移动 OWASP MASTG / 云渗透 AWS Azure GCP IAM 路径 + 容器逃逸 + K8s / C2 操作 Cobalt Strike Sliver Mythic Havoc + OPSEC / 初始访问 + AV EDR 绕过 (仅授权场景) / 无线 RF / 物理社工 / 报告与整改 / 框架 MITRE ATT&CK + D3FEND + PTES + OSSTMM + NIST 800-115 + Kill Chain / 法律伦理 CFAA + 网络安全法 + 刑法 285 286 + 数据安全法 + GDPR + 授权书 + 范围 + 交战规则 — 不含 黑产 / 未授权攻击 / 大规模 exploitation / 供应链投毒 / 未授权 DoS — 这是 重罪 + 行业封杀 + 律师吊销, 本 skill 严守 authorized-only 边界 — 也不含 蓝队 SOC + 恶意软件 即服务 / 僵尸网络 / 勒索软件作者 — 这是 cybercrime 不是 红队) (Cybersecurity Red Team / Offensive Security Operations — the cognitive operating system of authorized red team operators, penetration testers, and offensive security consultants covering (a) reconnaissance & OSINT (passive + active discovery, asset surface mapping), (b) external network pentest (perimeter, exposed services, web), (c) internal network / Active Directory pentest (AD enumeration via BloodHound, Kerbe
Install
Quality Score: 89/100
Skill Content
Details
- Author
- swaylq
- Repository
- swaylq/master-skill
- Created
- 2 weeks ago
- Last Updated
- 4 days ago
- Language
- Shell
- License
- MIT
Integrates with
Similar Skills
Semantically similar based on skill content — not just same category
security
攻防秘典索引(渗透/审计/红队/蓝队/威胁情报/漏洞研究),全授权直出技术细节+PoC。
security
攻防秘典索引。渗透测试、代码审计、红队攻击、蓝队防御、威胁情报、漏洞研究。安全研究全授权,零废话直出技术细节+PoC。当魔尊提到安全、渗透、攻防、红队、蓝队、漏洞时路由到此。
red-teaming
Adversarial red-teaming skill for code, systems, strategies, and plans. Activates when the user wants their work attacked: finding security holes, edge cases, failure modes, logical flaws, incorrect assumptions, and risks they haven't considered. Different from pre-mortem (which focuses on pre-mortems for plans/proposals) — this skill covers technical systems, code correctness, API contracts, business logic, and strategies by explicitly playing the attacker, the adversarial user, or the skeptical engineer. Surfaces the most dangerous findings first. Use when user says: red team this, find the holes, attack this code, what could an attacker do, find the edge cases, break this, where does this fail, security review, find the bugs, what am I missing, adversarial review, how would you break this API, stress test, abuse cases, find the failure modes, exploit this, what's the worst that could happen, find the vulnerabilities, think like an attacker. Do NOT activate for: requests for improvements or feature suggesti
red-team
Use when planning or executing authorized red team engagements, attack path analysis, or offensive security simulations. Covers MITRE ATT&CK kill-chain planning, technique scoring, choke point identification, OPSEC risk assessment, and crown jewel targeting.
offensive-security-skill
Offensive security tools and techniques integration