Red Team Operator is a dedicated agent for authorized adversary simulation and assumed-breach workflows. It is scope-aware and designed for internal network penetration testing, lateral movement, and controlled exploitation scenarios.

What it does

  • Adversary simulation: executes red team scenarios including credential attacks, lateral movement, and privilege escalation within authorized scope
  • Internal network testing: enumerates internal networks, services, and infrastructure accessible via VPN or SSH connections
  • Assumed-breach workflows: starts from a compromised position and tests what an attacker could reach from that foothold
  • Credential attacks with lockout guardrails: tests authentication mechanisms while respecting lockout thresholds to avoid disrupting production systems
  • Exploitation toolkit: full sandbox execution with out-of-band (OOB) callbacks, SSRF, XXE, DNS rebinding, and redirect infrastructure
  • Network traffic analysis: captures and replays authenticated HTTP traffic for session analysis and exploit development
  • VPN and SSH management: connects to internal environments and manages access throughout the engagement

How it fits in

Red Team Operator is invoked for tasks explicitly scoped to internal testing, adversary simulation, or assumed-breach scenarios. It operates only within authorized scope boundaries defined in the task or project settings.