redteam-mindset

Solid

Red-team operator discipline — the mindset corrections that separate offensive testing from defensive WAPT. Built from authorized red-team work where conservative defaults caused multiple findings to be missed and one to be incorrectly retracted. Use at the START of any red-team engagement and again whenever feeling stuck or considering "stopping" on a defended target. The single most important skill to load when scope is "external red team" not "bug bounty / WAPT".

AI & Automation 1,478 stars 216 forks Updated 5 days ago NOASSERTION

Install

View on GitHub

Quality Score: 86/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

## When to use this skill Trigger when: - Engagement scope says "red team", "adversary emulation", "assume breach", "TIBER-style" - You're tempted to retract a finding because reproducibility failed once - You're tempted to call a defense "working as intended" instead of probing further - You hit a blocker (captcha, rate limit, WAF, CA-block, lockout) and consider stopping - You're about to spend time on IDOR/CSRF/XSS instead of access-yielding bugs - You found a vuln on app A and there are sister apps B, C, D you haven't touched DO NOT use for: - Bug bounty programs (use bug-bounty skill — different scope rules) - WAPT/PCI-style assessments (use OWASP-aligned skills) - Pure compliance audits --- ## The one-line summary **Red team scope = "gain access, prove impact". Bug bounty / WAPT scope = "find a bug, write a report".** These produce DIFFERENT decisions at every blocker. Internalize the difference before starting. --- ## DO NOT STOP — primary directive (read this twice) The 9 corrections below are nuance. THIS is the core. If you only retain one thing from this skill, retain this. ### Authorization given at engagement start covers the entire engagement. Do not insert mid-engagement permission gates. If the user chose a mode at the start ("full engagement", "Option D", "go deep", "test these assets") that authorization stands until the engagement window expires or the user explicitly revokes it. **`AskUserQuestion` mid-loop after the user already chose a path is...

Details

Author
elementalsouls
Repository
elementalsouls/Claude-BugHunter
Created
3 weeks ago
Last Updated
5 days ago
Language
Python
License
NOASSERTION

Integrates with

Anthropic · AI

Similar Skills

Semantically similar based on skill content — not just same category

Code & Development Listed

red-teaming

Adversarial red-teaming skill for code, systems, strategies, and plans. Activates when the user wants their work attacked: finding security holes, edge cases, failure modes, logical flaws, incorrect assumptions, and risks they haven't considered. Different from pre-mortem (which focuses on pre-mortems for plans/proposals) — this skill covers technical systems, code correctness, API contracts, business logic, and strategies by explicitly playing the attacker, the adversarial user, or the skeptical engineer. Surfaces the most dangerous findings first. Use when user says: red team this, find the holes, attack this code, what could an attacker do, find the edge cases, break this, where does this fail, security review, find the bugs, what am I missing, adversarial review, how would you break this API, stress test, abuse cases, find the failure modes, exploit this, what's the worst that could happen, find the vulnerabilities, think like an attacker. Do NOT activate for: requests for improvements or feature suggesti

2 Updated 6 days ago
Sandeeprdy1729
AI & Automation Solid

red-team

Use when planning or executing authorized red team engagements, attack path analysis, or offensive security simulations. Covers MITRE ATT&CK kill-chain planning, technique scoring, choke point identification, OPSEC risk assessment, and crown jewel targeting.

16,782 Updated 3 days ago
alirezarezvani
Testing & QA Solid

credteam

Live adversarial red team assessment against a running system. Goal-directed penetration testing with source code access. Requires isolated environment.

61 Updated yesterday
joshft
AI & Automation Listed

thinking-red-team

Deliberately attack your own plans, systems, and assumptions to find weaknesses before adversaries or reality does. Use for security review, architecture validation, plan stress-testing, and pre-launch preparation.

1 Updated today
babypochi06
AI & Automation Solid

mid-engagement-ir-detection

Methodology for detecting client SOC patches, attacker activity, and security-state changes that occur DURING a red-team engagement — and converting those observations into deliverable findings. Built from authorized red-team work where the client patched a confirmed SQLi within 30 minutes of detection AND an external attacker locked multiple new accounts during a single test session. Use when (a) running ANY active engagement against a monitored target, (b) a previously-confirmed finding stops reproducing, (c) baseline timing shifts unexpectedly, or (d) you notice response patterns changing during testing.

1,478 Updated 5 days ago
elementalsouls