Attack Tree Construction
Systematic attack path visualization and analysis.
Use this skill when
- •Visualizing complex attack scenarios
- •Identifying defense gaps and priorities
- •Communicating risks to stakeholders
- •Planning defensive investments or test scopes
Do not use this skill when
- •You lack authorization or a defined scope to model the system
- •The task is a general risk review without attack-path modeling
- •The request is unrelated to security assessment or design
Instructions
- •Confirm scope, assets, and the attacker goal for the root node.
- •Decompose into sub-goals with AND/OR structure.
- •Annotate leaves with cost, skill, time, and detectability.
- •Map mitigations per branch and prioritize high-impact paths.
- •If detailed templates are required, open
resources/implementation-playbook.md.
Safety
- •Share attack trees only with authorized stakeholders.
- •Avoid including sensitive exploit details unless required.
Resources
- •
resources/implementation-playbook.mdfor detailed patterns, templates, and examples.