Exercises

Practical activities adapted from UX and design thinking methods. Each exercise has a documented origin, clear use case, and links to community templates.


Planning & Scoping

Assumption Mapping

Identify and prioritize your assumptions about the target before attacking. Most failed engagements fail because of untested assumptions.

When to use: Before starting a new engagement, when an approach isn't working, when you have limited time and need to focus.

Time: 15-20 minutes


Vulnerability Framing

Systematically identify where to probe using Norman's Gulf of Execution and Gulf of Evaluation. Surfaces the gaps between intended behavior and actual behavior.

When to use: Before starting a new engagement, when scoping the attack surface, when writing test plans.

Time: 20-30 minutes


Persona & Perspective

Build an Attacker Persona

Create a structured profile of an adversarial actor using empathy mapping. Prevents defaulting to your own mental model.

When to use: Before starting a new engagement, when stuck in repetitive patterns, when testing for specific threat actors.

Time: 15-20 minutes per persona


Ideation & Generation

Adversarial Ideation

Generate, evaluate, and prioritize attack vectors using diverge-then-converge. Moves from "try stuff" to systematic coverage.

When to use: At the start of an engagement, when stuck on one approach, when working with a team.

Time: 20-30 minutes


Adversarial SCAMPER

Systematically generate attack variations using structured creativity prompts: Substitute, Combine, Adapt, Modify, Put to other uses, Eliminate, Reverse.

When to use: When you have a working attack and want variations, when stuck repeating the same patterns.

Time: 15-20 minutes


Execution & Documentation

Map an Attack Journey

Plan, execute, and document a multi-turn attack sequence. Creates reproducible records another tester can follow.

When to use: Before executing a multi-turn attack, during execution, when you need reproducibility.

Time: 10-15 minutes planning + execution


Reflection & Reporting

Attack Retrospective

Structured reflection after an attack using Rose, Bud, Thorn. Extract learnings, identify promising leads, document what to change.

When to use: Immediately after an attack sequence, at the end of a testing session, after a failed attack.

Time: 10-15 minutes


Document Findings

Write vulnerability reports with both technical severity and human harm assessment. Produces findings stakeholders act on.

When to use: After confirming a vulnerability, when prioritizing fixes, when communicating with stakeholders.

Time: 20-30 minutes per finding


Full workflow

The Red Team Kickoff Workshop combines these exercises into a 3-4 hour facilitated session for teams or structured engagements.