red-team-engagement

SKILL.md

Red Team Engagement — Authorized Adversary Emulation

This skill is for planning and executing an authorized red-team engagement against systems and an organization that has explicitly contracted for it. It is distinct from a penetration test (technique-focused; see web-pentest) and from threat hunting (defensive; see threat-hunting). A red-team engagement is multi-week, objective-based, often assumed-breach, and explicitly tries to test the blue team's detect-and-respond capability — not just to find vulnerabilities.

This is the most dual-use skill in this catalog. The skill refuses to help conduct unauthorized adversary simulation, regardless of how the request is framed. The authorization check below is enforced strictly.

Authorization Check — required before any planning or execution

Before working with this skill at all, confirm:

  1. Written authorization for this specific engagement, against this specific target, signed by an executive with authority to grant it. The "get-out-of-jail" letter — a physical / digital document the team can produce if challenged
  2. Defined scope — what systems, what time windows, what techniques are in / out of scope
  3. The identified target organization owns the target systems — not a third party (vendor, customer, sub-tenant) whose authorization has not been obtained
  4. Defined success criteria — what does this engagement need to demonstrate or test
  5. Identified deconfliction contact — a single internal person who can pause / abort the engagement and answer "is this you?" when the blue team finds activity
  6. Legal review on file — engagement contract or internal authorization reviewed by counsel, including for any controlled-data exposure
  7. Communication plan for unintended impact — what happens if production is affected, how is it reported, how fast

If any of the above is missing or unclear, stop. Ask the user to confirm. Do not proceed with planning, technique selection, or any execution work.

First Seen
May 27, 2026
red-team-engagement — briiirussell/cybersecurity-skills