ACG

Advanced Capabilities Group

Runbooks
A compact booklet of security operations runbooks from the Advanced Capabilities Group — unconventional, scenario-driven playbooks for asymmetric security workflows.

About this booklet

Between 2016 and 2021, the Advanced Capabilities Group operated as a small team focused on building and executing unconventional security capabilities. These runbooks capture how we planned, executed, and sustained those operations in the field.

The booklet is intentionally blunt and functional. No filler, no abstractions; just the procedures, things to consider, and decision points that consistently work when the situation gets difficult.

It’s worth noting that these runbooks are intentionally high-level. Substantial effort went into removing outdated material, some of it reaching back to 2008, and retaining only the general guidance that helps security professionals develop their own detailed procedures. Any sensitive specifics that could enable misuse have been deliberately excluded.

Note: These runbooks are intended solely for instructional and lawful security applications. Any other use is strictly prohibited.

Inside the runbooks

Each section maps to a real service line we delivered, with concrete steps for planning, execution, and debrief.


The runbooks included are:


  • Digital special reconnaissance and disruption operations
  • Offensive digital operations
  • Reduced-signature security operations
  • Worst-case-scenario digital security assessments
  • Physical security assessments and red team operations
  • Digital footprint analysis and mitigation
  • Personal security training and evaluation
  • Combined physical and digital security training
  • Security program design for complex organizations
  • Offensive security tool development

Each runbook is written to be self-contained: background, mission profile, prep work, execution plans, and after-action questions.

Who this is for

The booklet is aimed at security leaders, operators, and small teams responsible for asymmetric or high-friction environments: red teams, security operations, incident response, digital intelligence, and protective security.

It assumes you already know the basics. The focus is on how to stitch them together into capabilities that work when the scenario is ambiguous and the time is limited.


Get the booklet

A limited hardcopy booklet, along with a digital edition for download, will be available soon.