adversary-emulation
What this skill does
The skill is a security/teaching tool designed for adversary emulation, allowing red teams to simulate real-world threat actor tactics, techniques, and procedures (TTPs) for detection and response tes
github/purpleailab - YARA Match - 4.8k stars
Threat analysis
Skill info
pkg:github/PurpleAILAB/Decepticon@ccb8de6?skill=adversary-emulationAssessments (17)
YARA Match
YARA Match via skillspector
sandworm-team/SKILL.md
Impacket WMIexec; Impacket WMIexecYARA Match via skillspector
sandworm-team/SKILL.md
sliver** with HTTPS and TLS-tunneled (Yamux-like) profiles; emulate Telegram/web-service bidirectional C2 with a benign beaconYARA Match via skillspector
sandworm-team/SKILL.md
Mimikatz; Mimikatz; Mimikatz; MimikatzYARA Match via skillspector
scattered-spider/SKILL.md
SharpHound; SharpHound; SharpHoundYARA Match via skillspector
scattered-spider/SKILL.md
LinPEAS; LinPEASYARA Match via skillspector
scattered-spider/SKILL.md
social-engineer; social-engineer; social-engineer; social-engineer; social-engineerYARA Match via skillspector
scattered-spider/SKILL.md
Mimikatz; Mimikatz; Mimikatz; Mimikatz; LaZagne; LaZagne; LaZagne; NTDS.ditYARA Match via skillspector
turla/SKILL.md
Meterpreter; Meterpreter; Meterpreter; Metasploit / Meterpreter | S0261 | Post-exploit; PowerShell Empire; PowerShell: extensively used PowerShell for post-compromise operations, including Empire; PowYARA Match via skillspector
turla/SKILL.md
Mimikatz; Mimikatz; Mimikatz; Mimikatz; Mimikatz; Mimikatz; Mimikatz; MimikatzYARA Match via skillspector
volt-typhoon/SKILL.md
Mimikatz; ntds.dit; ntds.dit; ntds.dit; ntds.dit; ntds.dit; ntds.ditObfuscation
Obfuscation via anomity-rules
apt29-cozy-bear/SKILL.md
- **2008 - 2018 - "The Dukes" espionage operations.** Long-running campaigns against Western governments and think tanks using the MiniDuke/CosmicDuke/CozyDuke/SeaDuke/HAMMERTOSS toolset. (MITRE ATTObfuscation via anomity-rules
apt34-oilrig/SKILL.md
- **Discovery (T1087/T1082/T1016/T1049/T1069/T1201/T1046):** Execute the LOLBin recon sequence (`whoami`, `net user`/`net group`, `ipconfig /all`, `netstat -an`, `net accounts`, `sc query`) via bash aObfuscation via anomity-rules
apt37-reaper/SKILL.md
- **T1055** - Process injection: injects malware (RoKRAT) into `cmd.exe` using VirtualAlloc/WriteProcessMemory/CreateRemoteThread for execution in a legitimate process context.Obfuscation via anomity-rules
kimsuky/SKILL.md
- https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdfObfuscation via anomity-rules
patchwork/SKILL.md
- https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdfObfuscation via anomity-rules
references/anyrun-free-iocs.md
6d64643c044fe534dbb2c1158409138fcded757e550c6f79eada15e69a7865bc # imfsbDll.dllObfuscation via anomity-rules
turla/SKILL.md
- https://www.leonardo.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdfBadge
Add the Anomity scan badge for adversary-emulation to your README.
How Anomity governs this at runtime
Scan-time vetting tells you what a skill says it will do. Anomity's Endpoint Sensor sees what agents actually do: it discovers skills alongside every other AI artifact on the endpoint, and runtime governance can allow, deny, or log the tool calls a skill triggers. Policy violations route to your SIEM, Slack, email, or Jira, backed by a queryable 90-day audit trail.
Book a 30-minute demo to see your own skill inventory.
Methodology and disputes
Every skill is assessed by the Anomity Skill Intelligence engine against its public source; findings indicate risk patterns, not confirmed exploitation. Maintainer of adversary-emulation? Report an issue or request a rescan.




