Purple Team / Adversary Emulation
Category: Community
Simulate threats, validate defenses, close gaps.
Software Engineering
Tags: risk management, cybersecurity, threat hunting, detection engineering, adversary emulation, attack chain, purple team
Author: defconxt
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill bridges the gap between offensive and defensive security teams by providing a structured framework for simulating real-world adversary tactics, techniques, and procedures (TTPs) to rigorously test and improve an organization's detection and response capabilities.
Core Features & Use Cases
- Adversary Emulation: Execute realistic attack scenarios using tools like CALDERA and Atomic Red Team.
- Detection Gap Analysis: Map existing detections against MITRE ATT&CK techniques, identify blind spots, and prioritize remediation.
- Emulation Planning: Translate threat intelligence into actionable test plans.
- Cloud Security Testing: Use tools like CloudGoat, which stages deliberately vulnerable AWS environments, for cloud-specific attack-path emulation.
- Use Case: A security team wants to validate their SIEM rules against common credential access techniques. They use this Skill to emulate LSASS dumping (T1003.001) with CALDERA, observe if their SIEM alerts, and if not, use the provided Sigma rule template to create a new detection.
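The use case above ends with a validation step: run the detection over the telemetry the emulation produced and see whether it fires. The block below is an added example for this listing, not the skill's own Sigma template or any CALDERA code. It encodes typical LSASS-access detection logic (Sysmon Event ID 10, suspicious GrantedAccess masks, dbghelp/dbgcore in the call trace, with an assumed allow-list of benign accessors), runs it over constructed Sysmon events, and reports coverage for T1003.001. The final event deliberately uses a low-privilege access mask to show the kind of gap the exercise is meant to surface.

```python
"""Validate detection coverage for LSASS memory access (ATT&CK T1003.001).

Added example for this listing, not the skill's own Sigma template or the
CALDERA tooling. Events are constructed Sysmon Event ID 10 (ProcessAccess)
records in JSON lines; the access masks and call-trace indicators are the
ones commonly used in public Sigma rules for this technique, and the list of
benign source processes is an assumption for the example.
"""
import json

# GrantedAccess masks commonly requested against lsass.exe by dumping tools.
SUSPICIOUS_ACCESS = {0x1010, 0x1410, 0x1438, 0x143A, 0x1FFFFF, 0x1F0FFF,
                     0x1F1FFF, 0x1F2FFF, 0x1F3FFF, 0x1038}
# DLLs that show up in the call trace when MiniDumpWriteDump is used.
DUMP_DLLS = ("dbghelp.dll", "dbgcore.dll")
# Assumed benign accessors; a production rule tunes this per environment.
BENIGN_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\wbem\wmiprvse.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}


def parse_events(log_text: str) -> list:
    """Parse newline-delimited JSON Sysmon events, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def lsass_access_alert(event: dict) -> bool:
    """True when an EID 10 event matches the LSASS-access detection logic."""
    if event.get("EventID") != 10:
        return False
    if not event.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return False
    if event.get("SourceImage", "").lower() in BENIGN_SOURCES:
        return False
    granted = int(event.get("GrantedAccess", "0x0"), 16)
    trace = event.get("CallTrace", "").lower()
    return granted in SUSPICIOUS_ACCESS or any(d in trace for d in DUMP_DLLS)


def coverage_report(events: list, technique: str = "T1003.001") -> dict:
    """Purple-team step: run the rule over telemetry collected during the
    emulation and report whether the technique produced at least one alert."""
    alerts = [e for e in events if lsass_access_alert(e)]
    return {
        "technique": technique,
        "events": len(events),
        "alerts": len(alerts),
        "covered": bool(alerts),
        "alerting_sources": sorted({e["SourceImage"] for e in alerts}),
    }


# Constructed telemetry (not real logs). Raw string keeps the JSON backslashes.
SAMPLE_LOG = r"""
{"EventID": 10, "SourceImage": "C:\\Tools\\procdump64.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1FFFFF", "CallTrace": "C:\\Windows\\SYSTEM32\\ntdll.dll+9d4a4|C:\\Windows\\SYSTEM32\\dbgcore.dll+1f13a"}
{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\rundll32.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010", "CallTrace": "C:\\Windows\\SYSTEM32\\ntdll.dll+9d4a4|C:\\Windows\\System32\\KERNELBASE.dll+2c1fe"}
{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1FFFFF", "CallTrace": "C:\\Windows\\SYSTEM32\\ntdll.dll+9d4a4"}
{"EventID": 10, "SourceImage": "C:\\Program Files\\Windows Defender\\MsMpEng.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1410", "CallTrace": "C:\\Windows\\SYSTEM32\\ntdll.dll+9d4a4"}
{"EventID": 1, "Image": "C:\\Tools\\procdump64.exe", "CommandLine": "procdump64.exe -ma lsass.exe out.dmp"}
{"EventID": 10, "SourceImage": "C:\\Tools\\custom_reader.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x0410", "CallTrace": "C:\\Windows\\SYSTEM32\\ntdll.dll+9d4a4"}
"""

if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print(coverage_report(evts))
    # The last event is the gap: a reader that requests only
    # PROCESS_VM_READ | PROCESS_QUERY_INFORMATION (0x0410) and never loads a
    # debug-help DLL slips past a mask-and-call-trace rule tuned this way.
    print(coverage_report([evts[-1]]))
```

In a real exercise the events come from the SIEM or EDR export taken while CALDERA or Atomic Red Team ran the technique, and the report for the uncovered variant is what feeds the new Sigma rule or the tuning of the access-mask list.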
Quick Start
Use the purple-team skill to emulate the LSASS dump technique using CALDERA and validate detection coverage.
Dependency Matrix
Required Modules: None required
Components: scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill: Name: Purple Team / Adversary Emulation Download link: https://github.com/defconxt/CIPHER/archive/main.zip#purple-team-adversary-emulation Please download this .zip file, extract it, and install it in the .claude/skills/ directory.