AgentSkillsCN

adversary-emulation-planning

Research and simulate threat actor tactics, techniques, and procedures using the MITRE ATT&CK framework. Use when planning adversary emulation or TTP research.

SKILL.md
---
name: adversary-emulation-planning
description: Research and simulate threat actor TTPs using MITRE ATT&CK framework. Use when planning adversary simulations or TTP research.
---

Adversary Emulation

Research and document adversary tactics, techniques, and procedures (TTPs) for security testing and threat simulation.

When to Use

  • Research threat actor TTPs for a specific group
  • Plan adversary simulation or red team exercises
  • Map behaviors to MITRE ATT&CK framework
  • Document attack chains for purple team exercises
  • Develop detection rules based on known techniques

Data Access

When you need threat actor data, attack patterns, or TTPs from the Mallory platform, use the mallory-api skill with the SDK:

  • client.threat_actors.get("identifier") — Threat actor details
  • client.threat_actors.attack_patterns("identifier") — MITRE ATT&CK techniques
  • client.threat_actors.export("identifier") — Full profile with relationships
  • client.search.query(q="...", types="threat_actor") — Search for actors by name

Emulation Workflow

  1. Select Threat Actor: Choose based on industry targeting or recent activity
  2. Research TTPs: Get attack patterns and techniques from Mallory API
  3. Map to ATT&CK: Align techniques to MITRE ATT&CK matrix
  4. Plan Execution: Design test scenarios for each technique
  5. Document Detections: Record expected detection opportunities
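Steps 3 to 5 of the workflow, as an added example that is not part of this skill or of the Mallory SDK: it takes a list of attack-pattern records, orders them along the ATT&CK Enterprise tactic sequence, expands techniques that belong to more than one tactic, and produces the detection-opportunity table the last step asks for, flagging any technique that carries no data source as a coverage gap. The record field names (`external_id`, `name`, `tactics`, `data_sources`) and the idea that `client.threat_actors.attack_patterns("identifier")` returns something of that shape are assumptions; the sample records are constructed for the demonstration, not real actor data.

```python
"""Build a tactic-ordered emulation plan and detection table from ATT&CK
technique records.  Added example; the Mallory response shape is assumed."""
from dataclasses import dataclass

# ATT&CK Enterprise tactics in matrix (kill-chain) order.
TACTIC_ORDER = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion",
    "credential-access", "discovery", "lateral-movement", "collection",
    "command-and-control", "exfiltration", "impact",
]


@dataclass(frozen=True)
class Technique:
    technique_id: str      # ATT&CK ID, e.g. T1566.001
    name: str
    tactics: tuple         # tactic shortnames this technique maps to
    data_sources: tuple    # ATT&CK data sources a detection would draw on


# Constructed sample records.  In practice they would come from something
# like client.threat_actors.attack_patterns("identifier"); the field names
# here are an assumption about that response, not the documented SDK shape.
# T1027's empty data_sources is deliberate, to exercise the gap handling.
SAMPLE_PATTERNS = [
    {"external_id": "T1566.001", "name": "Spearphishing Attachment",
     "tactics": ["initial-access"], "data_sources": ["Network Traffic", "File"]},
    {"external_id": "T1059.001", "name": "PowerShell",
     "tactics": ["execution"], "data_sources": ["Command", "Script", "Process"]},
    {"external_id": "T1547.001", "name": "Registry Run Keys / Startup Folder",
     "tactics": ["persistence", "privilege-escalation"],
     "data_sources": ["Windows Registry", "Process"]},
    {"external_id": "T1021.002", "name": "SMB/Windows Admin Shares",
     "tactics": ["lateral-movement"], "data_sources": ["Network Share", "Logon Session"]},
    {"external_id": "T1027", "name": "Obfuscated Files or Information",
     "tactics": ["defense-evasion"], "data_sources": []},
]


def parse_patterns(records):
    """Normalise raw records into Technique objects (step 2 output)."""
    return [
        Technique(
            technique_id=rec["external_id"],
            name=rec["name"],
            tactics=tuple(rec.get("tactics", [])),
            data_sources=tuple(rec.get("data_sources", [])),
        )
        for rec in records
    ]


def build_plan(techniques):
    """Step 3: group techniques by tactic in matrix order.  A technique that
    maps to several tactics is listed under each so every phase is planned.
    Unknown tactic names are rejected rather than silently dropped."""
    by_tactic = {}
    for tech in techniques:
        for tactic in tech.tactics:
            by_tactic.setdefault(tactic, []).append(tech)
    unknown = set(by_tactic) - set(TACTIC_ORDER)
    if unknown:
        raise ValueError(f"unrecognised tactic(s): {sorted(unknown)}")
    return {
        tactic: sorted(by_tactic[tactic], key=lambda t: t.technique_id)
        for tactic in TACTIC_ORDER if tactic in by_tactic
    }


def detection_opportunities(plan):
    """Steps 4 and 5: one numbered test step per (tactic, technique) with the
    data sources a detection needs; no data source means a coverage gap."""
    rows, step = [], 0
    for tactic, techs in plan.items():
        for tech in techs:
            step += 1
            rows.append({
                "step": step, "tactic": tactic,
                "technique": tech.technique_id, "name": tech.name,
                "data_sources": list(tech.data_sources),
                "gap": not tech.data_sources,
            })
    return rows


def render_plan(rows):
    """Plain-text table suitable for pasting into a purple-team runbook."""
    lines = [f"{'step':<5} {'tactic':<22} {'technique':<11} data sources"]
    for r in rows:
        ds = ", ".join(r["data_sources"]) or "NONE (detection gap)"
        lines.append(f"{r['step']:<5} {r['tactic']:<22} {r['technique']:<11} {ds}")
    return "\n".join(lines)


if __name__ == "__main__":
    plan = build_plan(parse_patterns(SAMPLE_PATTERNS))
    print(render_plan(detection_opportunities(plan)))
```

The gap flag is the part worth keeping when adapting this to real data: a technique with no data source in the plan is one the blue team cannot currently observe, and it should be resolved (by adding telemetry or recording an accepted gap) before the exercise is scheduled, not discovered during it.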

Resources