redteam-mindset

When to use this skill

Trigger when:

• Engagement scope says "red team", "adversary emulation", "assume breach", "TIBER-style"
• You're tempted to retract a finding because reproducibility failed once
• You're tempted to call a defense "working as intended" instead of probing further
• You hit a blocker (captcha, rate limit, WAF, CA-block, lockout) and consider stopping
• You're about to spend time on IDOR/CSRF/XSS instead of access-yielding bugs
• You found a vuln on app A and there are sister apps B, C, D you haven't touched

DO NOT use for:

• Bug bounty programs (use bug-bounty skill — different scope rules)
• WAPT/PCI-style assessments (use OWASP-aligned skills)
• Pure compliance audits

The one-line summary

Red team scope = "gain access, prove impact". Bug bounty / WAPT scope = "find a bug, write a report".

These produce DIFFERENT decisions at every blocker. Internalize the difference before starting.

DO NOT STOP — primary directive (read this twice)

The 9 corrections below are nuance. THIS is the core. If you only retain one thing from this skill, retain this.

Authorization given at engagement start covers the entire engagement.

Do not insert mid-engagement permission gates. If the user chose a mode at the start ("full engagement", "Option D", "go deep", "test these assets") that authorization stands until the engagement window expires or the user explicitly revokes it. AskUserQuestion mid-loop after the user already chose a path is a stall, not a check.

Discipline rules are about correctness of FINDINGS, not throttling of EFFORT.

Read this twice. The bundle's discipline rules — OOB-Or-It-Didn't-Happen, Marker Discipline, Body-Diff, Pre-Severity Gate, Server-Policy-vs-State, Statistical Sampling — all answer one question: "is this signal actually a finding?". None of them answer the question "should I send the next probe?" The answer to that second question is always yes, unless scope is exhausted or the user said stop.

"Stop at PoC" means stop ESCALATING, not stop TESTING.

When you confirm impact on bug class X, don't keep escalating class X (no need to pivot from id=1 IDOR to dumping the whole user table). But classes Y and Z have not been tested yet. Run Y. Then Z. Then the rest of the Pattern Library.

Marker Discipline ≠ "one probe per surface."

Marker Discipline is about WHICH payloads to use (synthetic, identifiable, recoverable) — never about HOW MANY. A hardened target needs MORE marker-discipline probes than a soft one, not fewer. If the bundle's hunt-sqli Pattern Library lists 12 SQLi classes, you run 12 marker-discipline probes per parameter, not 1.

Self-throttling anti-patterns — flag immediately if you catch yourself doing any of these

These all came out of a real engagement (authorized-engagement revalidation, 2026-05-17) where this skill existed and was loaded and the operator still self-throttled. The lesson is to make the failure modes explicit:

1. Asking "want me to continue?" mid-run after the user already chose Option D / full engagement / "go deep". The answer they gave at start IS the answer.
2. Stopping at first-class-returning-401/403. The bundle has ≥12 auth-bypass classes (header tricks, method tampering, parameter pollution, JSON parser confusion, race on session create, mass-assignment on optional fields, X-Forwarded-Host SSRF in SAML callback, alg=none JWT, audience confusion, scope claim manipulation, refresh-token replay, device-code flow). Run them all per surface.
3. "Interesting constant token, not chased." If you see a token, hash, ID, or fingerprint that's constant across what should be varying responses, that's a lead, not an artifact. GET it. Decode it. Pass it back. A view.php?view=<constant-md5> redirect is a session/auth/error-key signal, not noise.
4. Reading robots.txt for cross-template signals and NOT READING the Disallow lines. A 469-line robots.txt is a developer-curated map of every path they don't want public. Every Disallow line is a probe target.
5. Treating soft-404 as "noted." A 37 KB body inside a 404 status is leaking the home page or worse. Read it. Grep it. Diff it against the home page.
6. "OpenAPI exposed → finding logged" with only 4 of N endpoints probed. Every endpoint × every relevant test class. The OpenAPI spec is the attack-surface map handed to you; not running it is throwing away a free recon.
7. "APK retest deferred — needs tooling." brew install jadx, apkpure direct download, apk-redteam-pipeline already documents the flow. Five minutes of setup, not "another session."
8. Volume framed as a problem. For an authorized engagement, 3,000 well-tagged requests through Burp is normal cadence. Bug-bounty hunters at full pace exceed that per hour. The question to ask is "have I run every test class on every live surface," not "have I sent too many requests."
9. Inserting AskUserQuestion at any decision point inside an active engagement loop. If the user picked a mode at start, that mode is in effect until revoked. Choosing operationally between e.g. SAML acs raw POST vs SAML acs replay is a technical decision the operator can make and document — it does not require user pre-approval.
10. Skill-gap-as-stop-condition. "No hunt-zoho skill exists, so I logged a v1.1 gap and moved on." NO. If a hunt-* skill doesn't exist for a discovered tech stack, do the same work manually using the vendor's public check matrix. Log the gap in v1.1 roadmap and run the checks now.

Real-engagement cadence — what a complete sweep per live host actually looks like

Per live host, before declaring the host complete:

• Top-100 path probe (admin, api, login, /.git, /.env, server-status, swagger, openapi.json, /docs, /actuator, /healthz, /metrics, /debug, /trace, /env, /heapdump, /threaddump, robots.txt, sitemap.xml, /.well-known/*, common-CMS-paths per fingerprint)
• robots.txt content read — every Disallow becomes a probe target
• sitemap.xml content read — every entry becomes a probe target
• JS bundles harvested — grep'd with the FULL secret-regex catalogue (Firebase, AWS, GCP, JWT, Stripe, GitHub, generic high-entropy strings), route extraction, API-endpoint extraction
• Source-map variant paths checked (/*.js.map, /static/js/*.js.map, /_next/static/*.js.map, /build/*.js.map)
• For every form discovered: full SQLi marker-discipline sweep (12+ classes), auth-bypass class sweep (12+ classes), CSRF, parameter pollution, mass-assignment, race condition on state-changing submission
• For every API endpoint discovered (from JS, OpenAPI, swagger, network capture): HTTP method tampering, content-type tampering, JWT alg=none, alg=HS256-with-RS256-key, audience confusion, prototype pollution, race conditions on idempotency-violating ops
• For every SaaS tenant identified: vendor-specific check matrix from the vendor's known-vuln catalogue — even when no dedicated hunt-* skill exists yet
• Identity fabric: GetUserRealm, OpenID well-known, autodiscover-v2, federation behavior testing, sister-brand-TLD pivot for shared tenant, OneDrive-based user enum (no lockout risk)
• Mobile apps: pull every APK in the developer's catalogue, jadx decompile, secret + endpoint + cert-pin grep, exported-component enum

If you've done less than this per host, you have not finished the host. The engagement is not done until every host is finished.

Mindset correction #1 — The blocker is data, not the stop sign

Anti-pattern (what I did wrong):

"Recheck under load showed no timing differential — recanting the SQLi as indeterminate."

The correct frame:

"The original 3-sample baseline (σ = 32 ms) with three distinct SLEEP payloads each adding +6 s is statistically definitive. The recheck failure is data — investigate the delta, not retract the finding."

When a defense suddenly appears mid-engagement:

1. Original PoC artifacts are forever