Anthropic-Cybersecurity-Skills/skills/executing-red-team-engagement-planning/references/api-reference.md

API Reference: Red Team Engagement Planning

MITRE ATT&CK Framework

Tactics (Enterprise)

ID	Tactic
TA0043	Reconnaissance
TA0042	Resource Development
TA0001	Initial Access
TA0002	Execution
TA0003	Persistence
TA0004	Privilege Escalation
TA0005	Defense Evasion
TA0006	Credential Access
TA0007	Discovery
TA0008	Lateral Movement
TA0009	Collection
TA0011	Command and Control
TA0010	Exfiltration
TA0040	Impact

ATT&CK Navigator API

GET https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json

Red Team Tools API References

Cobalt Strike — Teamserver

./teamserver <IP> <password> <malleable_c2_profile>

GoPhish — Campaign API

POST https://gophish-server:3333/api/campaigns/
Authorization: Bearer {api_key}

{
  "name": "Spearphishing Test",
  "template": {"name": "IT Support"},
  "url": "https://phish.example.com",
  "smtp": {"name": "smtp_config"},
  "groups": [{"name": "Target Group"}]
}

BloodHound — Data Collection

# SharpHound collection
SharpHound.exe -c All --domain corp.local
# or via Python
bloodhound-python -d corp.local -u user -p pass -c all

Engagement Plan Structure

Key Sections

Section	Content
Scope	IP ranges, domains, systems in/out
Rules of Engagement	Authorization, boundaries
Objectives	Goals mapped to business risk
Scenarios	Attack paths and techniques
Timeline	Phases with milestones
Communication	Deconfliction, reporting
Data Handling	Encryption, retention, destruction

PTES (Penetration Testing Execution Standard)

Phases

1. Pre-engagement Interactions
2. Intelligence Gathering
3. Threat Modeling
4. Vulnerability Analysis
5. Exploitation
6. Post-Exploitation
7. Reporting

Report Template Fields

Field	Description
Executive Summary	Business impact overview
Scope & Methodology	What was tested and how
Findings	Vulnerabilities with CVSS scores
Attack Narrative	Timeline of red team actions
Detection Gaps	What blue team missed
Recommendations	Prioritized remediation