Comprehensive Prompting Guide for Cybersecurity Red and Blue Teams

Introduction: This guide offers a collection of tailored prompts for cybersecurity professionals, focusing on red team (offensive) and blue team (defensive) scenarios. Use these prompts with GitHub Copilot to enhance documentation, research, and technical tasks.

Prompting Fundamentals

• Specificity: Clearly state the objective or desired output.
• Context: Provide contextual information to guide Copilot’s response.
• Iterative Refinement: Use follow-up prompts to deepen the response.

Red Team Prompt Examples (Offensive Security)

1. Penetration Testing

• “Document the steps for an internal network penetration test.”
• “Write a methodology for testing Active Directory environments.”
• “Create a checklist for a web application penetration test.”

# Web Application Penetration Test Checklist
1. Information Gathering (DNS enumeration, WHOIS, etc.)
2. Vulnerability Scanning (using Burp Suite, OWASP ZAP)
3. Exploitation (SQL injection, XSS, CSRF)
4. Post-Exploitation (access control bypass, sensitive data exposure)
5. Reporting (findings, impact, recommendations)
    

2. Exploit Development

• “Generate Python code for a simple buffer overflow exploit.”
• “Document common techniques for bypassing Windows Defender.”
• “Write a guide on exploiting SQL injection vulnerabilities.”

# Techniques to Bypass Windows Defender
- Using obfuscation techniques in PowerShell scripts
- Employing reflective DLL injection
- Encrypting payloads with custom packers
    

3. Social Engineering

• “Draft a phishing simulation plan for an internal test.”
• “List tactics for pretexting in social engineering engagements.”
• “Create a sample phishing email for credential harvesting.”

# Sample Phishing Email for Credential Harvesting
Subject: Account Verification Required  
Dear [Employee],  
Your account has unusual login activity. Please verify your credentials here: [Malicious Link]  
Failure to do so will result in account suspension.  
Regards, IT Support Team
    

4. Red Team Operations

• “Outline the phases of a red team assessment for a financial institution.”
• “Document an attack simulation focused on insider threats.”
• “Create a report template for a red team engagement.”

# Red Team Engagement Phases
1. Reconnaissance (OSINT, network mapping)
2. Initial Access (phishing, exploit development)
3. Lateral Movement (credential dumping, pass-the-hash)
4. Privilege Escalation (local exploit, kernel vulnerabilities)
5. Data Exfiltration (covert channels, data staging)
6. Reporting (findings, impact assessment, mitigation)
    

Blue Team Prompt Examples (Defensive Security)

1. Incident Response

• “Write a detailed malware incident response plan.”
• “Document steps for analyzing a suspicious process on a Windows host.”
• “List tools for memory forensics in incident response.”

# Malware Incident Response Plan
1. Detection and Verification
2. Containment (network isolation, blocking malicious IPs)
3. Eradication (malware removal, forensic analysis)
4. Recovery (system restoration, patching)
5. Lessons Learned (post-incident review, documentation)
    

2. Threat Intelligence

• “Create a threat intelligence report on recent ransomware attacks.”
• “List common indicators of compromise (IOCs) for phishing attacks.”
• “Generate a threat hunting playbook for APT detection.”

# Common IOCs for Phishing Attacks
- Suspicious domain names
- Malicious email attachments
- Abnormal login behavior
- Credential-based anomalies
    

3. Security Operations Center (SOC)

• “Develop use cases for SIEM monitoring in a financial institution.”
• “Document a runbook for responding to DDoS attacks.”
• “Write a playbook for triaging alerts from EDR solutions.”

# SIEM Use Cases for Financial Institutions
- Unusual login locations
- Privileged account access monitoring
- Data exfiltration detection
- Suspicious PowerShell command execution
    

4. Defensive Security Architecture

• “Describe network segmentation strategies for preventing lateral movement.”
• “Draft a policy for securing privileged accounts.”
• “Create a guide for configuring endpoint detection and response (EDR).”

# Securing Privileged Accounts
- Implement multi-factor authentication (MFA)
- Regularly rotate credentials
- Monitor privileged access with SIEM
- Enforce least privilege principle
    

Conclusion

These comprehensive prompts can guide cybersecurity professionals in generating precise, relevant, and actionable documentation using GitHub Copilot’s Web UI. Adapt and expand these prompts to fit your specific red or blue team needs.