Nowadays, more and more organizations start to use red teaming exercises to simulate attacks or threats against their IT operations for testing and improving their defense posture. While pen testing is a structured approach using an enumeration of attacks, red teams assume the identity of a factious threat actor with its individual intent and skill level. These threat fictional are often based on real adversaries and mimic their tactics, techniques, and procedures (TTPs). Public databases like MITRE ATT&CK provide an enumeration of TTPs belonging to a certain advanced persistent threat and provide planning guidance.