Now in early access, book a 30-minute demo →
Skill scan report

adversary-emulation

View on GitHub
24 Low This skill contains obfuscated or hidden content. Automated analysis flagged 10 additional risk patterns.

What this skill does

The skill is a security/teaching tool designed for adversary emulation, allowing red teams to simulate real-world threat actor tactics, techniques, and procedures (TTPs) for detection and response tes

github/purpleailab - YARA Match - 4.8k stars

ThreatsYARA Match Obfuscation

Threat analysis

YARA Match10 findings
Obfuscation7 findings

Skill info

Namepurpleailab/adversary-emulation
Registrygithub
Versionccb8de6
PURLpkg:github/PurpleAILAB/Decepticon@ccb8de6?skill=adversary-emulation
Stars4.8k

Assessments (17)

YARA Match10 findings CRITICAL
HIGH

YARA Match via skillspector

sandworm-team/SKILL.md

Impacket WMIexec; Impacket WMIexec
CRITICAL

YARA Match via skillspector

sandworm-team/SKILL.md

sliver** with HTTPS and TLS-tunneled (Yamux-like) profiles; emulate Telegram/web-service bidirectional C2 with a benign beacon
HIGH

YARA Match via skillspector

sandworm-team/SKILL.md

Mimikatz; Mimikatz; Mimikatz; Mimikatz
HIGH

YARA Match via skillspector

scattered-spider/SKILL.md

SharpHound; SharpHound; SharpHound
HIGH

YARA Match via skillspector

scattered-spider/SKILL.md

LinPEAS; LinPEAS
HIGH

YARA Match via skillspector

scattered-spider/SKILL.md

social-engineer; social-engineer; social-engineer; social-engineer; social-engineer
HIGH

YARA Match via skillspector

scattered-spider/SKILL.md

Mimikatz; Mimikatz; Mimikatz; Mimikatz; LaZagne; LaZagne; LaZagne; NTDS.dit
CRITICAL

YARA Match via skillspector

turla/SKILL.md

Meterpreter; Meterpreter; Meterpreter; Metasploit / Meterpreter | S0261 | Post-exploit; PowerShell Empire; PowerShell: extensively used PowerShell for post-compromise operations, including Empire; Pow
HIGH

YARA Match via skillspector

turla/SKILL.md

Mimikatz; Mimikatz; Mimikatz; Mimikatz; Mimikatz; Mimikatz; Mimikatz; Mimikatz
HIGH

YARA Match via skillspector

volt-typhoon/SKILL.md

Mimikatz; ntds.dit; ntds.dit; ntds.dit; ntds.dit; ntds.dit; ntds.dit
Obfuscation7 findings MEDIUM
MEDIUM

Obfuscation via anomity-rules

apt29-cozy-bear/SKILL.md

- **2008 - 2018  -  "The Dukes" espionage operations.** Long-running campaigns against Western governments and think tanks using the MiniDuke/CosmicDuke/CozyDuke/SeaDuke/HAMMERTOSS toolset. (MITRE ATT
MEDIUM

Obfuscation via anomity-rules

apt34-oilrig/SKILL.md

- **Discovery (T1087/T1082/T1016/T1049/T1069/T1201/T1046):** Execute the LOLBin recon sequence (`whoami`, `net user`/`net group`, `ipconfig /all`, `netstat -an`, `net accounts`, `sc query`) via bash a
MEDIUM

Obfuscation via anomity-rules

apt37-reaper/SKILL.md

- **T1055**  -  Process injection: injects malware (RoKRAT) into `cmd.exe` using VirtualAlloc/WriteProcessMemory/CreateRemoteThread for execution in a legitimate process context.
MEDIUM

Obfuscation via anomity-rules

kimsuky/SKILL.md

- https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf
MEDIUM

Obfuscation via anomity-rules

patchwork/SKILL.md

- https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf
MEDIUM

Obfuscation via anomity-rules

references/anyrun-free-iocs.md

6d64643c044fe534dbb2c1158409138fcded757e550c6f79eada15e69a7865bc  # imfsbDll.dll
MEDIUM

Obfuscation via anomity-rules

turla/SKILL.md

- https://www.leonardo.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf

Badge

Add the Anomity scan badge for adversary-emulation to your README.

Anomity Skill Check badge

Markdown
[![Anomity Skill Check](https://anomity.ai/skills/badge.svg)](https://anomity.ai/skills/github/purpleailab/adversary-emulation/)
HTML
<a href="https://anomity.ai/skills/github/purpleailab/adversary-emulation/"><img src="https://anomity.ai/skills/badge.svg" alt="Anomity Skill Check"></a>
Image URL
https://anomity.ai/skills/badge.svg

How Anomity governs this at runtime

Scan-time vetting tells you what a skill says it will do. Anomity's Endpoint Sensor sees what agents actually do: it discovers skills alongside every other AI artifact on the endpoint, and runtime governance can allow, deny, or log the tool calls a skill triggers. Policy violations route to your SIEM, Slack, email, or Jira, backed by a queryable 90-day audit trail.

Book a 30-minute demo to see your own skill inventory.

Methodology and disputes

Every skill is assessed by the Anomity Skill Intelligence engine against its public source; findings indicate risk patterns, not confirmed exploitation. Maintainer of adversary-emulation? Report an issue or request a rescan.

Ask AI about Anomity
ChatGPT Claude Perplexity Google AI Grok