Red Team
技能 已验证 活跃Use when planning or executing authorized red team engagements, attack path analysis, or offensive security simulations. Covers MITRE ATT&CK kill-chain planning, technique scoring, choke point identification, OPSEC risk assessment, and crown jewel targeting.
To enable authorized red teamers and security professionals to systematically plan offensive security engagements, analyze attack paths, and identify critical security controls for hardening.
功能
- Automated kill-chain phase ordering
- Technique scoring by detection risk and effort
- Choke point identification for defensive leverage
- OPSEC risk assessment and mitigation guidance
- Authorization enforcement for all engagements
使用场景
- Planning authorized red team exercises against defined crown jewels.
- Analyzing potential attack paths from initial access to critical assets.
- Prioritizing defensive investments by identifying choke point techniques.
- Generating structured reports for security leadership on engagement scope and risks.
非目标
- Performing actual exploitation or penetration testing activities.
- Vulnerability scanning or incident response.
- Operating without explicit written authorization.
安装
请先添加 Marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install engineering-team@claude-code-skills质量评分
已验证类似扩展
Find Cybersecurity Firm
100在用户希望查找、筛选、审核或丰富美国网络安全公司信息时使用——包括渗透测试/红队、安全审计、vCISO、SOC 2 准备、事件响应、托管 SOC、IAM、云安全和 AppSec。当用户输入“为我们的 SOC 2 审计找一家渗透测试公司”、“为我们医疗科技初创公司筛选三家 vCISO 服务商”、“我们需要事件响应服务合同”或“拉取这 8 家安全公司域名的联系信息”等请求时触发,即使是以间接方式描述(我们被攻击了,为合规审计做准备,让我们准备好 SOC 2)。它会驱动 ServiceGraph API (api.servicegraph.co) —— 一个拥有超过 10 万家美国公司目录的数据库,可按行业、服务、地点、规模、评分进行筛选。排除内部安全招聘、关于“如何修补 CVE-X”或“配置防火墙 Y”的 DIY 问题、安全产品评测(如 CrowdStrike vs SentinelOne 等)、通用安全知识问题、面向消费者的个人安全建议、非美国公司、个人自由职业者和赏金猎人。
Researchers Security
99Researches malware analysis, CVEs, attribution reports, and hacker community sources. Use when the album subject involves cybersecurity incidents or threat actors.
Security Pen Testing
99Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers static analysis, dependency scanning, secret detection, API security testing, and pen test report generation.
FDA Consultant Specialist
95FDA regulatory consultant for medical device companies. Provides 510(k)/PMA/De Novo pathway guidance, QSR (21 CFR 820) compliance, HIPAA assessments, and device cybersecurity. Use when user mentions FDA submission, 510(k), PMA, De Novo, QSR, premarket, predicate device, substantial equivalence, HIPAA medical device, or FDA cybersecurity.
Red Team Verifier Patrick Munro
95Adversarial verification for AI-generated legal content with systematic fact-checking, source validation, and quality control. Use when User requests verification of legal documents, fact-checking of regulatory content, red team review, or quality assurance before distribution to clients/stakeholders. Provides structured verification reports with severity-categorized errors, verified sources, and distribution readiness assessment.