Files
Anthropic-Cybersecurity-Skills/skills/performing-red-team-with-covenant/SKILL.md
T
mukul975 efca3ec611 feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
2026-04-06 11:17:40 +02:00

2.2 KiB

name, description, domain, subdomain, tags, version, author, license, nist_csf
name description domain subdomain tags version author license nist_csf
performing-red-team-with-covenant Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener setup, grunt deployment, task execution, and lateral movement tracking. cybersecurity red-team
red-team
c2
covenant
adversary-simulation
penetration-testing
1.0 mahipal Apache-2.0
ID.RA-01
GV.OV-02
DE.AE-07

Performing Red Team Operations with Covenant C2

Overview

Covenant is a collaborative .NET C2 framework for red teamers that provides a Swagger-documented REST API for managing listeners, launchers, grunts (agents), and tasks. This skill covers automating Covenant operations through its API for authorized red team engagements: creating HTTP/HTTPS listeners, generating binary and PowerShell launchers, deploying grunts, executing tasks on compromised hosts, and tracking lateral movement.

When to Use

  • When conducting security assessments that involve performing red team with covenant
  • When following incident response procedures for related security events
  • When performing scheduled security testing or auditing activities
  • When validating security controls through hands-on testing

Prerequisites

  • Covenant C2 server deployed (Docker or .NET 6)
  • Python 3.9+ with requests library
  • Covenant API token (obtained via /api/users/login)
  • Written authorization for red team engagement
  • Isolated lab or authorized target environment

Steps

Step 1: Authenticate to Covenant API

Obtain a JWT token by posting credentials to /api/users/login endpoint.

Step 2: Create Listener

Configure an HTTP or HTTPS listener with callback URLs and bind address.

Step 3: Generate Launcher

Create a binary, PowerShell, or MSBuild launcher tied to the listener for grunt deployment.

Step 4: Deploy and Manage Grunts

Monitor grunt callbacks, execute tasks, and collect output from compromised hosts.

Step 5: Document Operations

Generate an operations report documenting all actions, timestamps, and findings.

Expected Output

JSON report with listener configuration, active grunts, executed tasks, and task output for engagement documentation.