Cyver Core transitions your team from standard vulnerability listing to scenario-based, kill-chain modeled Red Teaming engagements.
Follow this onboarding flow to set up your Red Teaming operations: Templates > Client/Scope > Findings & Attack Chains > Debriefing.
1. Preparing Your Templates
Setting up your core templates ensures that every debrief your team produces follows your exact branding, integrates the necessary compliance frameworks, and uses Attack Chain tokens to automatically translate raw tactical data into a structured narrative without requiring manual formatting.
A. Create Your Red Team Report Template
Define the visual and structural output of your final debrief.
- Navigate to Settings > Report Templates. You can use Cyver Core’s pre-built Red Teaming Report Template or build your own from scratch.
Attack Chain Tokens: Ensure you insert specialized dynamic tokens like
{AttackChain_Diagram}(Attack Chain Diagram),{AttackChain_Table}(Attack Chain Timelog, Attack Goals, Attack Steps),{AttackChain_Details}(Attack Chain Details), and{AttackChain_Matrix}(Attack Chain Matrix) to automatically pull your attack paths into the document. Check out our specific token guides for detailed parameters and syntax.
For a complete walkthrough on styling, Markdown, and using tokens, read our detailed guide on Customizing Report Templates.
B. Build Finding Libraries & Templates
Building a centralized knowledge base ensures your operators can quickly drop high-quality, pre-written data into an active operation.
- Navigate to Settings > Finding Libraries and click + Add Finding Library.
- Populate the library with your standard bypass techniques, default credential vulnerabilities, or phishing payloads by clicking + Add Finding Template.
- Tip: Download Ready-to-Use Libraries: You can jumpstart your Red Teaming knowledge base by downloading our pre-built libraries directly from our GitHub repository. This includes ready-to-import CSV files specifically for MITRE ATT&CK® Mitigations, Tactics, and Techniques.
Check out our comprehensive guide on Finding Libraries and Findings Templates.
C. Configure Workflows & Methodologies
- Navigate to Settings > Checklists and Settings > Compliance Norms.
- Ensure your operational methodologies (e.g., Cyber Kill Chain) and tactical mappings (e.g., MITRE ATT&CK®) are ready to be linked to your projects.
Tip: You don't have to build frameworks from scratch! You can download comprehensive, globally recognized standards from our GitHub repository and import them directly into your portal.
D. Create Your Red Teaming Pentest Template
Bundle your methodologies, scopes, and reporting standards into a repeatable Red Team service.
- Navigate to Settings > Pentest Templates. Use Cyver Core’s pre-built Red Teaming template or create your own.
- Workflows & Methodologies: Link the Checklists and Compliance Norms you prepared above.
- Report & Finding Defaults: Link your Red Team Report Template. Set your default Finding Types and default CVSS version.
- Ensure you enable the "Attack chains" tab in the Pentester Portal settings (Note: This requires either the Enterprise plan or the Advanced Methodologies & Compliance Add-on).
To learn more about bundling these settings, read our article on Customizing Pentest Templates.
2. Client & Scope Management
Red Teaming is highly sensitive. Strict scope definition and rigorous access control are critical to maintaining operational realism and preventing unnecessary panic among the client's wider staff.
- Onboard Clients & Users: Navigate to Clients to create the workspace. When inviting client users, add only the specific stakeholders (the "Blue Team") who are authorized to know about the simulation.
- Define Scope: Add the target assets, ensuring the rules of engagement (physical, digital, social) are clearly defined.
For step-by-step instructions, refer to our Onboarding Clients article.
3. Project Execution & Attack Chains
This is where isolated vulnerabilities are transformed into a chronological narrative. Mapping your actions to an Attack Chain allows the Blue Team to understand exactly how a breach unfolded, step-by-step.
A. Start the Operation
- Create a new project by selecting the Client and your Red Teaming Pentest Template.
B. Manage Findings
- Navigate to the Findings tab. Add findings manually, import from a scanner file, or click Import from Library to pull your pre-written TTPs.
- Visibility Control: Keep all findings in Draft mode to ensure they remain strictly internal during the active operation.
C. Build Attack Chains
- Define Scenarios: Navigate to the Attack Chains tab and define your primary operational narrative.
-
Add Components: Build the chronological path of the breach by adding:
- Attack Steps: The specific tactical actions your operators took.
- Mitigations: The defensive controls you encountered or bypassed.
- Facts & Goals: Environmental realities and your ultimate objective.
- Mapping & Linking: There are two ways to build your attack path: you can either create a blank Attack Step from scratch, or connect an Attack Step directly to the Findings you gathered. Once added, categorize these steps against the MITRE ATT&CK (Tactics/Techniques) and Cyber Kill Chain tasks.
- Visualizing: View the auto-generated Attack Chain Diagram and MITRE ATT&CK Matrix directly within the project to ensure the narrative flows logically.
To master scenario building and step mapping, explore our full guide on Attack Chains.
4. Report Generation & Debriefing
Translate raw tactical operator notes and complex matrices into a clear, executive-ready debrief document without spending hours in a word processor.
- Generate the Draft: Navigate to the Report tab inside your project and click Generate Report from Report Template. Cyver Core will instantly populate your standard tokens and specific Attack Chain tokens to create a cohesive narrative.
- Review & Export: Review the generated document. You can easily export the branded PDF directly for physical distribution or executive summaries.
- Publishing: Once the report is finalized, click Publish to make the interactive version securely visible on the Client Portal.
For advanced reporting features and token management, explore our article on Generating, Changing, and Duplicating Report Templates.